CMD+CTRL Security, a leader in software security training, today shared the results of a sponsored study conducted with Wakefield Research that found while software security training is a priority for the majority of cybersecurity executives, that training is often limited to developers. The “Enhancing Cybersecurity: The Critical Role of Software Training” study found that 89% of developers dedicate a minimum of six hours per year to software security training, compared to only 18% of other stakeholders within the SDLC lifecycle.
Software vulnerabilities can have a significant impact on businesses. In the study, executives noted the key drivers that lead them to implement training include customer satisfaction/churn (48%), delayed time to market (46%), and financial costs (45%). With these issues as top concerns, it is not surprising that the majority of cybersecurity executives (63%) who took part in the study spend between $1M and $4M annually on software security training, with almost all of them (97%) providing some software security training for their IT and software development teams.
Challenges in Building a Security Culture
The top reasons for investing in training include building a security culture within their organization (51%), followed by compliance requirements (50%), and addressing skills gaps (49%). Recent exploits and increased risk from third parties were less important drivers (43% and 41% respectively). Despite recognizing the need, almost half of all executives (48%) struggle to find software security training that covers all software development roles, and many have trouble balancing training with other priorities (44%).
“These results indicate that cybersecurity executives clearly recognize the need for software security training, but often lack the ability to provide customized training solutions leading them to either focus only on developer training, or to offer more broad-based training programs that aren’t as effective,” said Jeffrey Emig, CEO of CMD+CTRL Security. “Our Base Camp platform offers role-based training for stakeholders across the SDLC that meets stakeholders where they are in their learning journey and keeps them engaged in training through realistic simulations and incentivized learning programs that make software security training enjoyable for employees and easy for executives to implement.”
Other key study findings include:
- Infrequent Training Opportunities—44% of executives say software security training is offered infrequently.
- Citizen Developers Risk—46% of organizations surveyed have citizen developers using low-code or no-code software without understanding its vulnerabilities.
- AI Oversight—Despite potential efficiency gains from deploying AI tools, most cybersecurity executives (95%) agree that human oversight and governance are required as part of the software development process.
The CMD+CTRL Security Base Camp Training Platform
More than 300 companies and over one million participants have enhanced their skills with CMD+CTRL Security’s award-winning training, from Global 100 software companies to mid-size tech companies, financial services firms, and retailers. CMD+CTRL Security is ranked as a leader in the Fall 2024 G2 Grid® Report for Secure Code Training, and was recently named a finalist in the cybersecurity training category for Cyber Defense Magazine’s 2024 Top InfoSec Innovators awards.
About the Study
Wakefield Research, a third-party, independent research firm, conducted the survey among 250 cybersecurity executives, with a minimum seniority of director, at companies with at least 250 employees that develop or use proprietary software for their internal or consumer use, or heavily customize existing software for internal or consumer use, from August 2-9 online and via email.
About CMD+CTRL Security
CMD+CTRL Security, headquartered in Wilmington, Mass., is a pioneer in software security training. For more than two decades organizations of all sizes, from mid-sized to Global 100 companies, have relied on our training solutions to transform their software security. Our role-based modules, skill labs, and hands-on cyber ranges are designed to build skills that stick. Visit cmdnctrlsecurity.com to learn how we can help you launch a best-in-class training program.
All trademarks are the property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241029229591/en/