In this report, jointly published by The Aberdeen Group:
- The leading driver for enterprise investments in security awareness and training for their users is to reduce cyber security risk related to user behaviors. This raises an important question: On what basis is the business decision to invest in security awareness and training being made?
- For the private sector, Aberdeen’s Monte Carlo analysis estimates the annualized business impact of phishing attacks – based on the lost productivity of 1K users and a data breach of 100K to 1M records – to be between $0 and $10M, with a median of about $250K.
- For the same scenario, an investment in security awareness training results in a median reduction in the annualized risk of phishing attacks of about 50%, a median annual return on investment of about 5 times, and a reduction in the potentially catastrophic “long tail” of risk by about $6M.
- For the same scenario, Aberdeen’s Monte Carlo analysis provides the additional insight that a modest investment in security awareness and training for all users (about $28K) has a 72% likelihood of a significant reduction in the business impact of phishing attacks (as high as $6M).
- Get buy-in for a security awareness and training program by showing a potential annual return on investment.
- View the different likelihoods and financial implications of end user risks, and potential reductions in risk that can be achieved with our solutions for security awareness and training.