Security awareness training is rapidly shifting from a compliance formality to a proven risk‑reduction strategy, according to the newly released 2025 Security Awareness and Training Global Research Report from Fortinet. Based on insights from 1,850 senior IT and security leaders across 29 countries — including India — the findings show that organisations investing in structured, continuous training are reporting up to a 67% decrease in cyber intrusions, incidents and breaches.
While organisations appear to be making measurable progress in cyber resilience, the report warns of persistent weaknesses in employee readiness, training completion rates, and alignment between training content and evolving threats.
AI Is Increasing Awareness But Not Readiness
The rise of AI‑powered attacks has pushed cybersecurity discussions into boardrooms and employee workflows alike. Nearly 90% of respondents say AI-driven threats have heightened employee awareness of the importance of training. However, only 40% believe their workforce is adequately prepared to spot and respond to AI-based threats.
Most organisations are now training employees on the responsible use of GenAI tools, monitoring sensitive data usage, and rolling out dedicated AI security policies. The challenge, the report notes, is not direction but execution.
“Security awareness training is increasingly a frontline defence against cyber risks in an AI‑driven threat landscape.” — Vishak Raman, Fortinet
Insider Risks Gain Urgency
External attacks remain the primary motivator for investing in awareness programs, cited by over 40% of leaders. But insider risk accidental or intentional is rising sharply, with more than one‑quarter of organisations naming it a key driver for adopting training initiatives.
Training priorities now span data security, privacy, AI tools and AI-enabled threats, reflecting a closer link between real-world risks and employee education.
Training Works – When It Is Completed
Organisations that deploy structured, recurring training supported by simulations and assessments are seeing clear reductions in incidents. Yet, low completion rates remain a significant barrier. Nearly 70% of leaders say employees still lack sufficient security awareness despite investments.
Shorter modules, micro-learning, stronger accountability and leadership visibility are emerging as critical success factors.
A Cultural Shift Toward Security
The report highlights a growing consensus: security awareness is no longer just an IT responsibility. Leaders increasingly view it as an organisation-wide cultural imperative.
“India’s rapid digitisation is transforming industries and government services,” said Vishak Raman, Vice President of Sales for India, SAARC, SEA and ANZ at Fortinet. “As organisations adopt AI and cloud platforms at scale, building a cyber‑aware workforce through continuous training will be essential to safeguarding India’s digital future.”