Proofpoint Security Awareness Training

Real-World Study: Effective Results from Proofpoint Security Awareness Customers

Share with your network!

What makes a security awareness solution exceptional? Just one outcome: reducing the risk derived from human error. And with attackers targeting people more directly than ever, minimizing this risk is becoming only more essential for organizations. Data from the World Economic Forum underscores the need for improvement: 95% of all cybersecurity issues can be traced back to human error.

The good news is that most organizations today are prioritizing security awareness training for at least some, if not all, of their users. Research for the 2022 State of the Phish report from Proofpoint found that 99% of organizations around the globe have some type of security awareness program. 

Now, the bad news: Many of these programs aren’t as effective as organizations may believe. That’s because many companies still rely on the training completion rate to measure the success of their security awareness programs. But industry analysts are now encouraging security professionals to take a different approach: tracking real-world behavioral metrics that result in actual security outcomes.

A solution that works

Proofpoint recently won the 2022 CISO Choice Award for the security awareness training category. Why is that relevant to the discussion above? Because winning this award means that the Proofpoint Security Awareness solution is not only considered industry-leading, but it’s also generated security outcomes proven by customer data. 

Winner Plaque for 2022 CISO Choice Awards for Security Awareness Training

In fact, our customers, in just six months, saw a 40% decrease in the number of real-world malicious links that users clicked on. Here’s how Proofpoint arrived at and validated that figure.

Our study: the details

Proofpoint looked at 4 million users across almost 500 customers over a 12-month period in 2020 and 2021. The customers in our study were from all across the globe, representing 35 different industries spanning both the public and private sectors. 

Many organizations will measure the decrease in click rates of simulated phish to help determine the effectiveness of their security awareness training program. However, for our study, Proofpoint chose to measure the click rates of real-world threats, as simulated phish could be biased for various reasons, such as the level of difficulty of the phishing template.

We also wanted to examine how security awareness training affects behavior in the real world. Are users putting their knowledge and skills into practice where it matters most—in their mailbox—and clicking on fewer malicious links?

Our study looked at customers’ real-world click rates measured in the Proofpoint Targeted Attack Protection solution prior to those customers purchasing and implementing the Proofpoint Security Awareness solution. 

We then compared that to the same click rates three and six months post-implementation. We found that customers that had adopted the Proofpoint Security Awareness solution saw, on average, a 31% decrease in the number of malicious links clicked on in just three months—growing to a 40% decrease after six months.

Augment your program with managed services to drive results

The key to achieving these results — especially in 90 days — is to get your organization’s security awareness program up and running quickly. 

Like many organizations, your business probably has a short supply of security professionals. But don’t let that be a barrier to starting your program. Proofpoint can provide support: Our managed services team works with some of our most discriminating clients with complex organizational structures and requirements. And in our recent study, we saw the same reductions in end user risk with customers leveraging our managed services. 

Our managed services team makes it easy for your organization to launch a best-practice program from day one, and they’ll help ensure you can experience the fastest decrease in end user risk as possible. 

Measuring and communicating the impact of your security awareness program to executives is not always easy. To learn about how you should measure security awareness impact for long-term success, download our Measuring Security Awareness Impact for Long-Term Success eBook. 

Subscribe to the Proofpoint Blog