NSS Smart Consulting Co., Ltd. (based in Shinjuku, Tokyo; CEO: Eisuke Ando) conducted a survey on the 'Penetration Level of Information Security Education and Employee Awareness in Companies' among office workers who use PCs and IT systems for work.

Every spring, many companies start training programs for new employees. In today's rapidly digitizing business world, 'Information Security Education' is one of the most critical programs for protecting an organization. Cyber threats have recently become increasingly sophisticated, as seen in the large-scale attacks on major corporations reported in 2025 and the surge in CEO fraud (Business Email Compromise impersonating executives). To defend against these threats, improving the literacy of each employee is essential, alongside technical system measures.

However, a common organizational challenge is how to practice and sustain the knowledge learned in training amidst busy daily operations and complex security requirements. In response, NSS Smart Consulting, which operates 'ISO Pro'—a support site for ISO acquisition and operation—conducted this survey.

Survey Overview:

  • Period: March 18, 2026 – March 19, 2026
  • Method: Internet survey via PRIZMA
  • Participants: 1,025 office workers using PCs/IT systems
  • Source: NSS Smart Consulting (ISO Pro)
  • Monitor Provider: SACRISA

Key Findings: While approximately 40% of respondents receive regular information security training, nearly 60% ended up 'only vaguely understanding the content' because the technical terms were too difficult. This gap between training and actual comprehension is a severe vulnerability. The survey also revealed that 20% of employees have attempted to 'self-resolve' security errors without reporting them, which creates a dangerous blind spot for management. These 'hidden risks' can lead to secondary damage when sophisticated attacks occur.

FACT BOX

  • Source: PR TIMES
  • Category: Survey
  • Organizations: PRIZMA