It’s not how much effort you’ve put into training employees, how fast your servers are or how up-to-date your software may be. Cyber security awareness programs often fail because readiness is what matters most.
Most organizations invest heavily in awareness programs that encourage employees to excel on tests and to keep security best practices in mind. Yet as readiness is skill-dependent and not awareness-dependent, most of these programs ultimately lead to high levels of awareness and regrettably low levels of performance. When it comes to phishing readiness, the true measurement is hindsight: did you know what to do, and did you react accordingly?