
Add a Major Security Asset at a Great Value with Security Awareness Training

Cyberattacks are on the rise. Forbes reports that businesses suffered 50% more cyberattacks per week in 2021 than in any prior year. Unfortunately, far too many of those attacks are successful thanks to one major source of risk for every business: human beings. More than 90% of cyberattacks are successful because of human error. From opening a dodgy email to handing over their credentials, employees are a consistent gateway for cyberattacks and a major driver of risk for businesses. However, it’s a risk that can be mitigated effectively and affordably with security awareness training.  

Training Transforms Employees Into Security Assets

Security awareness training gives employers the opportunity to add more eyes to their security team by empowering employees to recognize and avoid the common threats that they face every day. It’s also a smart investment that provides a big security boost without a major upfront cost. That empowerment pays off. From teaching data handling best practices to preventing an employee from downloading a ransomware-laden attachment, security awareness training is the key to building a strong defense against today’s biggest cybersecurity threats.   

Every organization is facing a rising tide of risk as cybercrime and its associated losses explode. The U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) 2021 report offers an excellent snapshot of the danger that businesses face. IC3 received a record 847,376 complaints from U.S. businesses impacted by cybercrime in 2021, a 7% increase over 2020. But the total amount of loss is the real stunner, at a new record high of $6.9 billion in 2021, a whopping 48% increase over 2020. Drilling deeper, these statistics can give you a snapshot of the cyberattack risk that businesses face right now. 

  • 84% of businesses were the victims of a successful phishing attack in 2021, a 15% increase over the same 12-month period in 2020. 
  • The U.S. has incurred a 127% year-to-date increase in the number of ransomware attacks while the U.K. has seen a 233% surge in ransomware infections. 
  • The average cost of a breach is estimated at $4.2 million per incident, 10% higher than in 2020 and the highest recorded in 17 years. 

Employees Who Are Uneducated About Security Are A Disaster Waiting To Happen

Unfortunately, many employees don’t have a clue about the importance of their behavior in maintaining security. An estimated 45% of respondents in a HIPAA Journal survey said that they don’t need to worry about cybersecurity safeguards because they don’t work in the IT department. 

Without the knowledge that they need to identify security problems, untrained employees are a ticking time bomb.

Employees will fall for phishing 

Phishing is the catalyst for many of today’s nastiest cyber threats like business email compromise and ransomware. Unfortunately, many employees who don’t receive proper training are likely to fall for phishing tricks. 

  • 1 in 3 employees are likely to click the links in a phishing email 
  • 1 in 8 employees are likely to share information requested in a phishing email 
  • 60% of employees interact with suspicious email messages 

Security awareness and phishing simulation training is an effective measure to mitigate the risks that employees encounter daily. The more training employees receive, the better they get at spotting and avoiding security risks.  

Training Pays Off Fast

Researchers in a U.K. study discovered that the improvement in employee behavior that companies see when they engage in security awareness training is stark.  

  • At the beginning of the study, as many as 40% to 60% of the employees surveyed were likely to open malicious links or attachments.  
  • After about six months of security awareness training, the percentage of employees who took the bait dropped to 20% to 25%.  
  • When the employees completed three to six months more of security awareness training, only 10% to 18% of them fell for phishing messages.   

Ongoing training is essential for organizations to receive benefits like these. Each employee should receive 11 sessions per year.  

Security Awareness Training Offers An Amazing ROI

No one’s budget can support spending on a security measure that doesn’t get the job done. But that’s not something to worry about when it comes to security awareness training. It’s one of the best IT investments an organization can make, with an impressive ROI. 

IT/Security Costs Before Security Awareness Training   

Metric                                                              50 to 99 Emps   1,000+ Emps
Annual IT payroll hours spent disinfecting workstations, networks   760.0           137.3
Annual misc. incident remediation cost per email user               $29.23          $5.28
Annual IT/security costs per email user                             $7.51           $28.11
Annual costs per email user                                         $249.39         $455.41

Source: Osterman Research, The ROI of Security Awareness Training 

IT/Security Costs After Security Awareness Training  

Metric                                                              50 to 99 Emps   1,000+ Emps
Annual IT payroll hours spent disinfecting workstations, networks   565.5           120.5
Annual misc. incident remediation cost per email user               $21.75          $4.63
Annual IT/security costs per email user                             $0.75           $2.81
Annual costs per email user                                         $24.94          $45.54
Cost of employee time spent in SAT                                  $21.11          $27.83

Source: Osterman Research, The ROI of Security Awareness Training 

Total ROI for Security Awareness Training 

Small and midsize businesses (SMB, 50 to 999 employees): 69% ROI
Large businesses (1,000+ employees): 562% ROI

Source: Osterman Research, The ROI of Security Awareness Training 

5 More Big Benefits Of Training

These major security benefits are priceless. 

  • Companies that engage in regular security awareness training have 70% fewer security incidents.   
  • Security awareness training improves phishing awareness by an estimated 40%. 
  • A corporate data security training program saves businesses an average of $2.54 million in costs.   
  • Overall security-related risks are reduced by 70% when businesses invest in cybersecurity awareness training. 
  • 93% of employees said that well-planned employee training programs positively affect their level of engagement in security practices and procedures.