Wilmington, Mass. – October 29, 2024 – CMD+CTRL Security, a leader in software security training, today shared the results of a sponsored study conducted with Wakefield Research that found that while software security training is a priority for the majority of cybersecurity executives, that training is often limited to developers. The “Enhancing Cybersecurity: The Critical Role of Software Training” study found that 89% of developers dedicate a minimum of six hours per year to software security training, compared to only 18% of other stakeholders within the SDLC.
Software vulnerabilities can have a significant impact on businesses. In the study, executives noted the key drivers that lead them to implement training include customer satisfaction/churn (48%), delayed time to market (46%) and financial costs (45%). With these issues as top concerns, it is not surprising that cybersecurity executives who took part in the study spend between $1M and $4M annually on software security training, with almost all of them (97%) providing some software security training for their IT and software development teams.
Challenges in Building a Security Culture
The top reasons for investing in training include building a security culture within their organization (51%), followed by compliance requirements (50%), and addressing skills gaps (49%). Recent exploits and increased risk from third parties were less important drivers (43% and 41% respectively). Despite recognizing the need, almost half of all executives (48%) struggle to find software security training that covers all software development roles, and many have trouble balancing training with other priorities (44%).
“These results indicate that cybersecurity executives clearly recognize the need for software security training, but often lack the ability to provide customized training solutions, leading them to either focus only on developer training, or to offer more broad-based training programs that aren’t as effective,” said Jeffrey Emig, CEO of CMD+CTRL Security. “Our Base Camp platform offers role-based training for stakeholders across the SDLC that meets stakeholders where they are in their learning journey and keeps them engaged in training through realistic simulations and incentivized learning programs that make software security training enjoyable for employees and easy for executives to implement.”
Other key study findings include:
- Infrequent Training Opportunities—44% of executives say software security training is offered infrequently.
- Citizen Developers Risk—46% of organizations surveyed have citizen developers using low-code or no-code software without understanding its vulnerabilities.
- AI Oversight—Despite potential efficiency gains from deploying AI tools, most cybersecurity executives (95%) agree that human oversight and governance are required as part of the software development process.
The CMD+CTRL Security Base Camp Training Platform
More than 300 companies and over one million participants have enhanced their skills with CMD+CTRL Security’s award-winning training, from Global 100 software companies to mid-size tech companies, financial services firms, and retailers. CMD+CTRL Security is ranked as a leader in the Fall 2024 G2 Grid® Report for Secure Code Training, and was recently named a finalist in the cybersecurity training category for Cyber Defense Magazine’s 2024 Top InfoSec Innovators awards.
About the Survey
The study’s findings stem from a survey of 250 cybersecurity executives, with a minimum seniority of director, at companies with at least 250 employees that develop or use proprietary software, or heavily customize existing software, for their internal or consumer use. The survey was conducted August 2-9 online and via email.