Cyber Workforce Benchmark
March 8, 2022

Measuring global human cyber capabilities: Report

a computer circuit with many lights on itlong exposure image of man walking by blue panels

As a company, we make it our mission to help organizations measure and improve the cyber capabilities of their workforce.

For this reason, it brings me great pleasure to bring our inaugural Cyber Workforce Benchmark to the world.

Providing a consolidated view of the human cyber capabilities inside 2,100 organizations, it analyzes the data from over 500,000 exercises and simulations from the last 18 months.

Featuring input from industry luminaries as well as experts in human behavioral psychology, cybersecurity, DevOps and crisis response, we believe it to be the industry’s first analysis of cyber knowledge, skills and judgment at scale.

The data gives us a fascinating view of some of the industry’s burning questions around human capability in cybersecurity, including:

  • The gap between threats emerging in the wild and cybersecurity teams having the capabilities to address them is a worrying three months on average. When contrasted with government advice on patching technology, which measures recommended times in hours and days, this is concerning for the industry.
  • A consolidated picture of exactly what threats cybersecurity teams at large organizations are upskilling around and what drives them. This includes the latest malware, threat groups and is all mapped to MITRE for ease of understanding.
  • The frequency of crisis response exercising across sectors cross-referencing cadence, numbers of participants and quality of decision making as well as confidence in responses around ransomware.
  • An insight into the human capabilities of development teams. Featuring a data-based analysis of the threats they are learning to counteract, as well as insights into the most common programming languages across sectors.
  • Finally, a look into the development of the ‘talent of tomorrow’, pulling apart the data on what up and coming cybersecurity professionals are most engaged with and how this matches up to enterprise teams.

It is our hope that, by producing this analysis, we can help further industry understanding of the role human capabilities play in cyber-attack mitigation inside large organizations.

For too long, knowledge, skills and judgment has been an underplayed part of the risk equation, precisely because it cannot be measured effectively. Only by understanding the cyber capabilities of the entire workforce can we address this balance.

To download the full report, please head here.

James Hadley,
CEO of Immersive Labs

Trusted by top companies worldwide
to enhance cybersecurity

Trusted by some of the world’s biggest brands, we’re committed to taking your cybersecurity readiness to the next level - and we’re just getting started.

What Our Customers
Are Saying About Immersive

Realistic simulation of current threats is the only way to test and improve response readiness, and to ensure that the impact of a real attack is minimized. Immersive’s innovative platform, combined with Kroll’s extensive experience, provides the closest thing to replication of a real incident — all within a safe virtual environment.

Paul Jackson
Regional Managing Director, APAC Cyber Risk, Kroll

The speed at which Immersive produces technical content is hugely impressive, and this turnaround has helped get our teams ahead of the curve, giving them hands-on experience with serious vulnerabilities, in a secure environment, as soon as they emerge.

TJ Campana
Head of Global Cybersecurity Operations, HSBC

We no longer worry about managing infrastructure, leaving us free to build great courses.

Daniel Duggan
Director, Zero-Point Security

Ready to Get Started?
Get a Live Demo.

Simply complete the form to schedule time with an expert that works best for your calendar.