What makes a security awareness solution exceptional? Just one outcome: reducing the risk derived from human error. And with attackers targeting people more directly than ever, minimising this risk is becoming only more essential for organisations. Data from the World Economic Forum underscores the need for improvement: 95% of all cybersecurity issues can be traced back to human error.
The good news is that most organisations today are prioritising security awareness training for at least some, if not all, of their users. Research for the 2022 State of the Phish report from Proofpoint found that 99% of organisations around the globe have some type of security awareness programme.
Now, the bad news: Many of these programmes aren’t as effective as organisations may believe. That’s because many companies still rely on the training completion rate to measure the success of their security awareness programmes. But industry analysts are now encouraging security professionals to take a different approach: tracking real-world behavioural metrics that result in actual security outcomes.
A solution that works
Proofpoint recently won the 2022 CISO Choice Award for the security awareness training category. Why is that relevant to the discussion above? Because winning this award means that the Proofpoint Security Awareness Training solution is not only considered industry-leading, but it’s also generated security outcomes proven by customer data.
In fact, our customers, in just six months, saw a 40% decrease in the number of real-world malicious links that users clicked on. Here’s how Proofpoint arrived at and validated that figure.
Our study: the details
Proofpoint looked at 4 million users across almost 500 customers over a 12-month period in 2020 and 2021. The customers in our study were from all across the globe, representing 35 different industries spanning both the public and private sectors.
Many organisations will measure the decrease in click rates of simulated phish to help determine the effectiveness of their security awareness training programme. However, for our study, Proofpoint chose to measure the click rates of real-world threats, as simulated phish could be biased for various reasons, such as the level of difficulty of the phishing template.
We also wanted to examine how security awareness training affects behaviour in the real world. Are users putting their knowledge and skills into practice where it matters most—in their mailbox—and clicking on fewer malicious links?
Our study looked at customers’ real-world click rates measured in the Proofpoint Targeted Attack Protection solution prior to those customers purchasing and implementing the Proofpoint Security Awareness Training solution.
We then compared that to the same click rates three and six months post-implementation. We found that customers that had adopted the Proofpoint Security Awareness Training solution saw, on average, a 31% decrease in the number of malicious links clicked on in just three months—growing to a 40% decrease after six months.
Augment your programme with managed services to drive results
The key to achieving these results, especially in 90 days, is to get your organisation’s security awareness programme up and running quickly.
Like many organisations, your business probably has a short supply of security professionals. But don’t let that be a barrier to starting your programme. Proofpoint can provide support: Our managed services team works with some of our most discriminating clients with complex organisational structures and requirements. And in our recent study, we saw the same reductions in end user risk with customers leveraging our managed services.
Our managed services team makes it easy for your organisation to launch a best-practice programme from day one, and they’ll help ensure you experience the fastest possible decrease in end user risk.
Measuring and communicating the impact of your security awareness programme to executives is not always easy. To learn about how you should measure security awareness impact for long-term success, download our Measuring Security Awareness Impact for Long-Term Success eBook.