NSS Smart Consulting Co., Ltd. (Shinjuku, Tokyo; CEO: Eisuke Ando) conducted a survey on 'The Penetration of Information Security Education and Employee Awareness' targeting employees who handle PCs and IT systems in their daily work.

Every spring, many companies launch training programs for new employees. In today's digitalized business environment, 'Information Security Education' is one of the most critical programs for protecting an organization.

Recently, cyberattacks have become increasingly sophisticated, as seen in the large-scale attacks on major corporations reported in 2025 and the surge in CEO fraud (business email compromise). To protect a company from these threats, it is essential to improve the literacy of every individual employee, not just implement system-level measures.

However, how to practice and sustain the knowledge learned in training amidst the daily grind is a common organizational challenge. Therefore, NSS Smart Consulting, which operates the ISO support site 'ISO Pro' (https://activation-service.jp/iso/), surveyed employees regarding their security awareness.

Survey Overview: - Period: March 18–19, 2026 - Method: Internet survey via PRIZMA - Respondents: 1,025 employees handling IT systems

Key Findings: 1. While about 40% receive regular training, 60% only 'vaguely understand' the content due to complex terminology. 2. About 20% of employees attempt to 'self-resolve' security mistakes rather than reporting them, creating a secondary damage risk. 3. The primary reasons for risky behavior are 'busyness' and 'complacency.'

To address these issues, employees are calling for unified company-wide standards, practical experiential training, and clear, accessible consultation channels.

FACT BOX

  • Source: PR TIMES
  • Category: News