Insider Threat Management

Best Practices for Cybersecurity Budgeting: Awareness Training

Share with your network!

Often when security budgets are compiled, the focus is on staffing and technology. However, there is one important area of cybersecurity budgeting that can actually have a big impact on the organisation, yet is often overlooked.

In today’s regulatory climate, the potential cost of an Insider Threat-caused breach can be business-threatening, so there is a massive upside to using employee cybersecurity awareness training to decrease your overall risk of incidents. In other words, you may want to consider how the costs of prevention weigh against the costs of a breach and make your budgetary decisions with this in mind.

Cybersecurity awareness training, when done right, can both prevent many accidental Insider Threats from taking place and increase the odds that team members who witness a malicious Insider Threat report it. 

Cybersecurity awareness training can therefore prevent quite a few expenses related to Insider Threat investigations and incident response, as well as decrease the organisation’s overall risk of financial and reputational damage.

Cybersecurity Budgeting for Awareness Training

Awareness training isn’t free per se, but when taken in the overall context of how it can prevent threats from evolving, it almost certainly pays for itself. Today, let’s take a deeper look at how to think about cybersecurity budgeting when it comes to awareness training. 


To begin with, you’ll need to earmark a portion of your personnel budget to cover the person or people who will conduct security training. Depending on the size and nature of your organisation, the people who lead security training may be full-time SOC staff, security analysts, or IT generalists. In some cases, it may make sense to bring in third-party consultants to provide training if there is not sufficient expertise in-house, or if your in-house employees are simply too busy to take on this work. 

Additionally, it should be part of the job description of any IT and security personnel to continually provide guidance and awareness to employees with regard to security. An open door policy and/or a Slack channel for security can be a good way to ensure that employees who have questions about security policies ask them before committing a violation, as well as increase the odds that employees will report suspicious behaviour they witness. 

Personnel costs should be baked into your overall security budget and reviewed on an annual or more frequent basis. 

Proactive Security Training Programs

In general, most businesses should provide all employees with two types of security training programs: Security onboarding that is required for all new employees, and regular all-hands meetings that provide reminders around security policies and best practices. 

Of note, this is not taking place at most organisations. In a recent Ponemon study, respondents admitted that organisation-wide security guidelines are unclear, and many companies are failing to educate employees about cybersecurity best practices. For example, 49% of survey respondents said they’re either unaware of travel-related cybersecurity guidelines or their company doesn’t have any. All organisations should provide basic security training to their employees and make the expectations and responsibilities of each employee as clear as possible. 

Your team may also require some more specialised training for IT or security teams and need to have more information and tools at their disposal. These types of training should also be accounted for in your overall security budget.

Real-Time User Education

Even organisations that do offer security awareness training often neglect to consider the reality that the best educational opportunities happen in real time. Because 64% of all Insider Threat incidents are caused by negligent users, providing real-time user reminders of out-of-policy behaviours is a very effective way to stop them and reduce risk. 

For example: If an insider opens up a tool that the business has determined is not appropriate for at-work usage, such as a personal Dropbox account, a prompt can be sent notifying them this behaviour is against security policy. You can provide examples of approved alternatives to that tool, as well as an acknowledgement checkbox to ask the employee to indicate that they understand that their action was inappropriate.

This type of real-time security awareness training is one of the most powerful and effective techniques that can be provided, and so investing in tools should be part of your overall cybersecurity budgeting.

Proactive Awareness is the Way Forward

Proofpoint ITM makes proactive user awareness training easy, with optional policy reminders and warning prompts for improving insider cybersecurity awareness. Proofpoint ITM also helps teams block out-of-policy user activity, using policy reminders, warning prompts, and robust app-blocking controls.

Start preventing Insider Threats

Our easy-to-use Insider Threat investigation, detection, and prevention solutions can help your team obtain crucial visibility and minimise risk of a costly incident.