A study of nearly 20,000 employees at UC San Diego Health found that mandatory cybersecurity-awareness training had little to no impact on employees’ ability to avoid phishing attacks.

Across 10 simulated phishing campaigns over eight months, failure rates remained consistent regardless of how recently employees had completed their annual training.

Researchers noted that most employees spent less than a minute on training modules—or closed them immediately—undermining any potential benefit. (Editor’s note: Aware Force readers spend an average of 5x that amount of time with our cybersecurity content.)

Via Wall Street Journal (gifted article)