Security awareness training (SAT) is a cyber security solution that continues to rise in popularity as phishing attacks remain a prominent point of entry for attackers.
Cyber liability insurance is one of the driving forces behind this demand: many insurance companies now require security awareness training, although this wasn’t as common just six short months ago.
As acceptance of cyber liability insurance grows, security awareness training follows – with some insurance companies requiring SAT to be conducted quarterly. If your organization were to adopt both security awareness training and better documentation of procedures, insurance companies could even offer you a better rate.
How Does Security Awareness Training Work?
Ontech Systems partners with Webroot for security awareness training. We typically see businesses run 3-4 phishing campaigns per month, with a whopping 40-50% of employees clicking on a phishing email during the first few months.
This number drops to roughly 20-30% after a few additional months, and after one year the share of employees still falling for a phishing attempt typically decreases to roughly 5%.
Some companies take these results very seriously – to the point of terminating employees if they repeatedly fall for phishing emails despite regular training. While this might sound drastic, for businesses that hold sensitive data and are held to regulatory standards, it’s just not worth the risk given the financial consequences at stake.
What Industries Can Benefit from Security Awareness Training?
In many industries such as healthcare, banking, and legal, SAT was adopted early on due to compliance requirements. But this year, widespread acceptance can be seen throughout both private and public sectors thanks to new mandates requiring municipalities to implement security awareness training before the end of 2021.
What Type of Results Can Be Expected from SAT?*
- With computer-based training, click-through rates on phishing emails can be reduced by up to 50% after just 12 lessons.
- Since introducing SAT to the market several years ago, Webroot Security Awareness Training data has shown consistent, measurable improvements in end user click-through rates in phishing simulations.
In fact, Webroot states that:
- Running 1-5 security awareness campaigns over 1-2 months showed an average click rate of 37% on phishing simulations.
- Running 6-10 campaigns and training over 3-4 months reduced the click rate to 28%.
- Running 11+ courses over 4-6 months dropped the rate to 13%.
Let’s do the math…
Based on this assessment, a reduction in the click rate from 37% to 13% in just six months is a dramatic 65% relative decrease (24 of the original 37 percentage points) in employees who would have otherwise compromised the network by clicking on a phishing email.
The negative consequences of a compromised network include productivity losses, man hours or investment in recovery, regulatory fines, loss of customer trust, and damage to overall business reputation.
While it’s easy to think of this merely in terms of numbers, once an organization experiences a cyber-attack in real life, the true importance of a user-focused cyber security solution becomes crystal clear.
Get Started with a Network Security Assessment + 2 Months of SAT
If your greater Milwaukee organization could use a security checkup, consider beginning with a network security assessment from Ontech Systems that includes 2 months of security awareness training.
As they say, “the proof is in the pudding”: you can watch click-through rates within your organization decrease in real time and also identify potential security risks in your network.