Security Awareness training is most effective when repeated every six months

Awareness training in the field of cybersecurity and phishing must be repeated after approximately six months to ensure that employees continue to recognize phishing emails properly. This is evident from a study that was carried out by a number of German universities at an organization from the public sector. In Germany, public organizations are required to implement an information security management system (ISMS) to increase employee awareness of information security. The research focused on the question of how effective these awareness training courses will still be over time. To this end, it was periodically tested whether employees were able to recognize phishing emails.
The research showed that the participants were still perfectly capable of recognizing phishing emails after four months. That was no longer the case if the phishing training was six months or more ago, ZDNet writes.

Read more about this: