It’s well understood that employees are often the weakest link in the cyber security chain, and while many companies are working to improve the way their workers respond to cyber threats, there is still room for improvement. According to a recent report released by the Ponemon Institute, about 54 percent of companies have privacy and data protection awareness training for employees who have access to sensitive information, up 10 percent from the Institute’s last survey in 2013. While this is encouraging, there is still work to be done. “Companies can do a lot better,” Eric Cernak, cyber risk practice leader at Munich Reinsurance America, said. “Many companies probably do a pretty good job of training during the onboard process, when they bring in new employees. The problem is they don't keep things really up to date. They don't do training on an annual basis.” Keeping things up to date, Cernak said, is key. Experts say training needs to be ongoing and should be updated to stay current with real-world threats. Cyber criminals, and their tactics, are constantly evolving, and in order to keep networks safe, employees must be made aware of the constantly changing threats.