As a company, we make it our mission to help organizations measure and improve the cyber capabilities of their workforce.   

For this reason, it brings me great pleasure to bring our inaugural Cyber Workforce Benchmark to the world.

Providing a consolidated view of the human cyber capabilities inside 2,100 organizations, it analyzes the data from over 500,000 exercises and simulations from the last 18 months.

Featuring input from industry luminaries as well as experts in human behavioral psychology, cybersecurity, DevOps and crisis response, we believe it to be the industry’s first analysis of cyber knowledge, skills and judgment at scale.

The data gives us a fascinating view of some of the industry’s burning questions around human capability in cybersecurity, including:

  • The gap between threats emerging in the wild and cybersecurity teams having the capabilities to address them is a worrying three months on average. When contrasted with government advice on patching technology, which measures recommended times in hours and days, this is concerning for the industry.
  • A consolidated picture of exactly what threats cybersecurity teams at large organizations are upskilling around and what drives them. This includes the latest malware, threat groups and is all mapped to MITRE for ease of understanding.  
  • The frequency of crisis response exercising across sectors cross-referencing cadence, numbers of participants and quality of decision making as well as confidence in responses around ransomware.
  • An insight into the human capabilities of development teams. Featuring a data-based analysis of the threats they are learning to counteract, as well as insights into the most common programming languages across sectors.
  • Finally, a look into the development of the ‘talent of tomorrow’, pulling apart the data on what up and coming cybersecurity professionals are most engaged with and how this matches up to enterprise teams.  

It is our hope that, by producing this analysis, we can help further industry understanding of the role human capabilities play in cyber-attack mitigation inside large organizations. 

For too long, knowledge, skills and judgment has been an underplayed part of the risk equation, precisely because it cannot be measured effectively. Only by understanding the cyber capabilities of the entire workforce can we address this balance.

To download the full report, please head here.

James Hadley,
CEO of Immersive Labs

Check Out Immersive Labs in the News.


March 8, 2022


Immersive Labs