Blog  /  Security Awareness

True or false? The cybersecurity quiz your team will actually want to take.

Mungo Labs Apr 2026 Interactive

Cybersecurity is full of widely-held beliefs that the data simply doesn't support. Some of these myths are harmless. Others lead to decisions that create real risk — for individuals and for organisations. 8 statements below. Click True or False. Find out where the conventional wisdom is wrong.

Score 0 / 8
8 to go
Question 1 of 8
"Small businesses are less likely to be targeted by cybercriminals because they're not worth the effort."
Question 2 of 8
"Using a strong, unique password for every account means you don't need multi-factor authentication."
Question 3 of 8
"Phishing emails are easy to spot — they're full of spelling mistakes and look obviously suspicious."
Question 4 of 8
"Most data breaches involve a human element — not just technical vulnerabilities."
Question 5 of 8
"Antivirus software is enough to protect your organisation from modern cyberattacks."
Question 6 of 8
"The majority of insider threats are accidental — not malicious employees intentionally stealing data."
Question 7 of 8
"Once a company is breached, they'll detect it within a day or two."
Question 8 of 8
"Security awareness training reliably changes employee behaviour in the long term."
0/8
Questions correct

Let's see how you did.

The takeaway

If this quiz surprised you, you're in good company. Most of these myths are held by people who are otherwise careful and thoughtful about security. The problem isn't knowledge — it's that the mental models most employees carry about cybersecurity were shaped in an era that no longer exists.

Today's attacks are sophisticated, personalised, and designed to succeed against people who are paying attention. AI-generated phishing emails are indistinguishable from legitimate ones to the human eye. Small businesses are disproportionately targeted precisely because attackers assume they have weaker defences. Breaches go undetected for months because most organisations lack the visibility tools to catch them sooner.

The shift that actually makes a difference isn't more training — it's better intelligence at the moment of risk. Warnings that are specific, timely, and meaningful. Interventions that arrive when a decision is still being made. A workforce that understands what's actually happening in the threat landscape and what to do when something doesn't feel right.

Myth-free security starts at the human layer — with intelligence that arrives at the right moment, not assumptions about what attacks look like.

Schedule a Discovery Call →
← Back to all posts