We are excited to share with you a new case study that illustrates how the Royal Bank of Scotland (RBS) — a leader in global banking and financial services — is using our security awareness training solutions to engage stakeholders and educate employees, ultimately reducing end users' phishing susceptibility by more than 78%.
In terms of specific products, Marjoribanks selected our Anti-Phishing Training Suite, which combines customizable ThreatSim® Phishing Simulations, targeted interactive training modules, and robust business intelligence tools, all managed from our purpose-built Security Education Platform. In conjunction with phishing tests, RBS has also used our Email Security, Social Engineering, and URL Training cybersecurity education modules.
RBS had great success with early simulated phishing campaigns, with click rates plummeting from 47% in its initial company-wide test to 22% just two months later. Following that, however, the results seemed to plateau. “We thought, collectively, that we needed people to take some personal responsibility,” said Marjoribanks. That’s when RBS implemented its consequence model for clicking on simulated phishing emails — a step that brought significant additional reduction in click rates. “Now, we hover at around seven, eight, nine percent as a result,” she said.
Overall, RBS has reduced its phishing susceptibility by more than 78%. In terms of ROI, RBS indicated that its program has easily paid for itself by reducing the number of cyberattacks infiltrating the organization. But even with such great results, Marjoribanks feels the organization’s security awareness and training will never be over. She believes simulated phishing assessments must be continuous, saying, “Phishing has to be at the forefront of people’s minds. Even if we get to a point where we have an acceptable click rate, we just have to keep going. It’s just a service that is naturally going to be embedded in our offering.”
For more details about the RBS program, read the full case study on our website.
Subscribe to the Proofpoint Blog