Wombat Security Awareness Training Enables 89% Reduction in Susceptibility

Last week, we were excited to share the results of our most recent customer case study, which explains how our security awareness training portfolio helped an employee benefits provider realize an 89% reduction in phishing susceptibility after consistent use of assessments and training.

The organization first engaged with Wombat by performing a proof of concept (POC) exercise, which revealed a phishing click rate of just under 20% — higher than the 13% average end-user click rate revealed by the data we gathered for our 2017 State of the Phish Report.

“We recognized the need for security awareness training, and we had complete executive and board-level buy-in before we even started to define the scope of how we would deliver it,” said the organization’s IT systems manager. “When we started to define the project, we did a project charter with an execution plan and a communications plan. We defined a program that included Wombat’s security awareness and training products as core components, but they are not the only pieces of our program. We are really comprehensive in our approach and execution.”

Get your copy of the case study

The Results

The benefits provider’s IT team developed and delivered a comprehensive, organization-wide security awareness and training program that leverages the benefits of our Continuous Training Methodology and includes regular phishing simulations and knowledge assessments, quarterly employee training assignments, consistent tracking and biannual reporting, and regular reinforcement of key principles.

After one year, the organization’s click rate had fallen from 20% (established in the POC) to 5%. Just prior to hitting the 15-month mark, the lowest click rate was registered at 2%, which is an 89% reduction in susceptibility. In addition to numerical results, the association has recognized administrative and organizational advantages from the program, including simplified Board reporting and external auditing.

Overall, the association is focused on delivering a program that tests susceptibility to different phishing threat vectors — like malicious links, attachments, and data entry requests — and helps drive measurable improvements over the long term. The important thing, the IT systems manager noted, is for the organization to continue to get a better understanding of where its vulnerabilities lie and work to manage end-user risk.

For an in-depth look at how this and other customers have lowered their susceptibility to phishing attacks, as well as their rates of malware infection and frequency of IT helpdesk calls, visit our website.