The 2025 Security Awareness Training Benchmark Report
Trends, Benchmarks & Performance Analysis from 4,000+ Organizations
Watch an On-Demand Demousecure | Leader in Human Risk Management
Executive Summary
As cyber threats escalate and compliance pressures mount, reducing human risk has become a top priority. This report analyzes 2024 data from 4,231 organizations to reveal how Security Awareness Training (SAT) is evolving — with clear trends in participation, engagement, and improved learner outcomes.
Key findings show increased training adoption, higher completion rates, and stronger scores across the board. Organizations delivering consistent monthly training saw the greatest gains, highlighting the value of ongoing education.
These insights offer IT teams and MSPs a data-backed guide to improving SAT strategy and building long-term cyber resilience.
The findings regarding the year of 2024 in this report are based on empirical data collected from usecure's database, collected from real-world training data. Our 2024 dataset includes a representative sample of 4,231 organizations that participated in security awareness training across different countries, regions and industries, ranging from small businesses to large enterprises.
Additionally, the findings regarding overall SAT performance from 2019 to 2024 are based on the same empirical data collected from the same database. Capturing long-term trends in training participation and performance allows for a more comprehensive analysis of how security awareness has evolved over time. This consistency in data sources ensures that the insights are reliable.
Data Masking. To protect the privacy and confidentiality of our learners, we use obfuscation and anonymized identifiers to prevent exposure of their real names while still allowing the key trends and insights to be shared. This approach aligns with our strict data protection policy and aims to reduce any potential reputational or security risks for the organizations involved. If necessary, the names can be revealed internally within a controlled environment.
Summary of Key SAT Findings
4,231 organizations were analyzed, showing clear improvements in participation and performance — highlighting a positive trend in SAT engagement across most organizations.
Consistent monthly training drives greater success
33.7% of organizations (1,428) trained users monthly throughout 2024. The Top 3 organizations achieved score improvements of +44.7%, +60.81%, and +80.8% through consistent training.
Evolving patterns in SAT adoption
SAT participation has surged year-over-year since 2019. Thousands of new learners joined SAT programs in 2024, and SAT is rapidly becoming a standard cybersecurity practice across industries.
SAT Adoption Surges Across Sectors
Total security awareness training participation in 2024 indicates a substantial increase in engagement with security awareness training.
A significant number of organizations (88%, 3,722 organizations) increased participation in security awareness training over 2024. This suggests growing engagement and recognition of the importance of training.
The most common increase bracket was "100+" learners per organization, meaning many organizations significantly expanded their training efforts.
The surge highlights a heightened interest and commitment to security awareness initiatives, reinforcing the importance of continuous training in enhancing organizational cybersecurity resilience. Organizations are investing more in training, showing a shift toward continuous improvement.
Engagement Deepens: More Learners, More Completions
Training data from 2024 shows a significant increase in training engagement across all organizations. Started and completed training sessions have been increasing steadily over time.
The total number of started sessions grew from 1,052,637 initially to 1,753,895 at the end of 2024, reflecting a significant growth of 66.62% (701,258 more started sessions).
The total number of completed sessions grew from 789,512 initially to 1,342,407 at the end of 2024, representing a 70.02% increase (552,895 more completed sessions).
The completion rate improved from 75% to 76.5% in 2024, indicating a slight but meaningful increase. While the 1.5% increase may seem small, in absolute numbers it represents thousands of additional completed training sessions, contributing to a more security-aware workforce.
What's Driving Higher Training Engagement?
One key factor driving this increase in training engagement is that the completion rate is improving, as evidenced by the sharp increase in completed sessions. This suggests that more users are completing their training compared to the beginning of the year, potentially due to improved training content, greater user motivation, or stronger internal policies encouraging completion.
Additionally, the statistics indicate that training demand is increasing over time, with both started and completed training sessions showing steady growth. This trend reflects a rising awareness of training requirements, driven by organizations prioritizing security awareness and the growing influence of regulatory or compliance-driven training mandates.
Modernized, relevant content is keeping learners engaged and motivating them to complete sessions. Better training = more engagement.
Many companies are prioritizing training through policy changes, reminders, and performance tracking — not just box-ticking. Internal policies boost uptake.
A growing number of businesses are responding to new compliance requirements by increasing training activity. Regulatory mandates are kicking in.
Consistent growth in both training starts and completions reflects a strong upward trend in SAT adoption — an uptick in sessions started and completed.
Stronger Scores Reflect Rising Cyber Awareness
In 2024, a clear majority of organizations achieved stronger security awareness training (SAT) scores, reinforcing the impact of continuous learning and employee engagement.
85.7% of organizations (3,626 organizations) saw improved SAT scores compared to previous results. This widespread uplift highlights the powerful link between consistent participation and enhanced security awareness across industries.
Among those who improved, the average score increased by 4.02 points, showing that SAT programs are not only being completed more frequently — but are also working.
These results show improved understanding of cyber risks and best practices among employees, helping organizations build a more resilient security culture.
A clear link between engagement and knowledge improvement
A significant 76.65% of organizations (3,243 organizations) demonstrated both higher participation and improved scores, while only 23.35% either maintained their previous performance or had mixed results.
Insight. This trend suggests that more frequent and consistent training enhances knowledge retention, reinforcing the effectiveness of security awareness programs in improving overall cybersecurity preparedness.
Where Training Took Off: 10 Notable Engagement Leaders
Several organizations demonstrated a significant increase in training engagement, highlighting a growing commitment to security awareness. Here are notable performers in 2024.
How Monthly Training Builds Resilience
We recommend deploying training sessions every four weeks for optimal engagement and retention.
In 2024, we found that the top-performing 33.75% of organizations (1,428 organizations) adopted monthly training schedules, consistently training every month. This group of organizations demonstrated a strong commitment to cybersecurity awareness, reinforcing best practices and reducing human risk.
Organizations looking to enhance their security posture can follow this proven approach to drive continuous improvement and resilience.
Standout Performers: The ROI of Regular Training
The top-performing 33.75% of organizations with consistent monthly training sessions demonstrated a large improvement between their initial and final scores. Here are our top 3 organizations with the best improvement thanks to regular monthly training sessions.
| Organization | Initial Score | Last Score | Improvement (Points) | Improvement (%) |
|---|---|---|---|---|
| Organization G | 50.0 | 90.4 | +40.4 points | +80.8% |
| Organization P | 50.0 | 80.9 | +30.9 points | +61.8% |
| Organization F | 60.0 | 86.8 | +26.8 points | +44.7% |
Automated reminders, enhanced reporting, and greater leadership visibility into training engagement are key strategies to organizations looking to implement more consistent SAT and strengthen their cybersecurity defense.
Long-Term Growth: How SAT Became a Cybersecurity Standard
Since 2019, the number of organizations participating in our Security Awareness Training (SAT) has expanded at an extraordinary pace.
Today, participation is more than 120 times higher than when we first began tracking, demonstrating a widespread and growing commitment to cybersecurity education. Over the past six years, customer engagement has consistently surged, with participation nearly doubling at each stage of growth.
The steep upward trend suggests that awareness training has transitioned from being optional to an industry standard. This exponential growth also indicates that organizations are increasingly recognizing the importance of employee security awareness as a critical defense mechanism against cyber threats — and thus, more and more companies are investing in SAT.
A record-breaking year for first-time participation
In 2024, we welcomed the highest number of new organizations to our Security Awareness Training (SAT) program – a 30 times increase compared to 2019, marking a record-breaking year for first-time participation.
The trend over the years reflects a steady rise in adoption, with 2024 standing out as a milestone moment. This surge in new participants underscores the growing recognition of security awareness training as an essential component of organizational cybersecurity strategies.
A steady rise in adoption, with 2024 standing out as a 30× increase over the 2019 baseline — the highest number of new organizations welcomed in a single year.
Conclusion: SAT is Essential for Human Risk Reduction
The data is clear: organizations that consistently invest in Security Awareness Training (SAT) see real results. As cyber threats grow and compliance standards become stricter, training your employees is no longer optional — it's essential.
This report highlights how thousands of businesses have strengthened their security posture through regular, engaging, and effective SAT programs. The most successful organizations are those that treat training as an ongoing priority, not a one-time task.
Security is a shared responsibility — and empowering your team with the right training is the first step toward long-term protection.
By committing to continuous SAT, your organization can:
The #1 cause of cyber breaches.
Like GDPR, ISO 27001, and NIS2.
Against phishing, data loss, and emerging threats.
Through measurable improvements in scores and engagement.
About usecure: Enabling Smarter Human Risk Management
Founded in 2016, usecure is the leading Human Risk Management (HRM) platform, trusted by IT leaders worldwide. Our mission is to turn users into an organization's strongest line of defense — transforming human risk into a human firewall.
Designed for MSPs and SMBs, usecure's automated platform brings together four core modules to identify vulnerable users, enforce compliance, and monitor risk behaviour.
uLearn
Security awareness training.
uPhish
Phishing simulation.
uPolicy
Policy management.
uBreach
Breach monitoring.
See the leading human risk management solution in action
Trusted by leading MSPs and internal IT teams.
Watch an On-Demand Demo