Security Awareness Training: Small Investment, Large Reduction in Risk
This report by The Aberdeen Group shows Wombat's solutions for security awareness and training can reduce business risk and impact by up to 50%.
In this report jointly published by The Aberdeen Group:
The leading driver for enterprise investments in security awareness and training for their users is to reduce cyber security risk related to user behaviors. This raises an important question: On what basis is the business decision to invest in security awareness and training being made?
For the private sector, Aberdeen’s Monte Carlo analysis estimates the annualized business impact of phishing attacks – based on the lost productivity of 1K users and a data breach of 100K to 1M records – to be between $0 and $10M, with a median of about $250K.
For the same scenario, an investment in security awareness training results in a median reduction in the annualized risk of phishing attacks of about 50%, a median annual return on investment of about 5 times, and a reduction in the potentially catastrophic “long tail” of risk by about $6M.
For the same scenario, Aberdeen’s Monte Carlo analysis provides the additional insight that a modest investment in security awareness and training for all users (about $28K) has a 72% likelihood of a significant reduction in the business impact of phishing attacks (as high as $6M).
What this means for infosec professionals:
Get buy-in for a security awareness and training program by showing a potential annual return on investment
View the different likelihoods and financial implications of end user risks, and potential reductions in risk that can be achieved with Wombat’s solutions for security awareness and training
Find out your risk with our #RiskyBusiness calculator. Receive a personalized risk reduction assessment based on your inputs.