Security education saves companies millions of dollars a year

Every year, phishing attacks end up costing businesses time and money due to the loss of employee productivity and credential compromise, among other factors. Together, these costs can add up to $3.77 million per year for an average sized company.


New research released by Wombat Security Technologies and the Ponemon Institute finds that the phishing email click rate improved an average of 64 percent following security training.


“In talking with security officers, we know that many do not expect much benefit from employee training as part of their defense against phishing attacks. This research proves that security officers should expect more from employee education and seek providers like Wombat Security who can provide results like these”, says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As the threat landscape continues to intensify and phishing tactics become more sophisticated, this research shows that employees who have undergone security training are far less likely to fall victim to a phishing attack”.


As a result of training provided by Wombat, Ponemon estimates a cost saving of $1.8 million Or $188.4 per user. If companies paid Wombat’s standard fee of $3.69 per user for a program for up to 10,000 users, Ponemon determined a substantial net benefit of $184.7 per user — an annual rate of return on investment of 50X.


Other findings include the average total cost for a company to contain malware is $1.9 million per year. Uncontained malware can cost an average-sized company as much as $105.9 million. The cost of business disruption due to phishing is $66.9 million and employees waste an average of 4.16 hours annually due to phishing scams.


The average annual cost to contain a credential compromise that resulted from a successful phishing attack is $381,920. An uncontained credential compromise could cost a company as much as $105.9 million.


“This is yet another proof point that an overall security posture is multifaceted and needs to include employee education to prevent against increasingly more sophisticated phishing attacks, which leave companies vulnerable to significant losses and business disruption”, says Joe Ferrara, President and CEO of Wombat Security Technologies. “This research reveals the compelling value and ROI from putting in place a comprehensive security training program. Our methods have shown that a continuous training methodology does change employee behavior and reduce risk within an organization”.


Original article found on See the original article here


  • author Dan BardinPublished on August 31st, 2015

Tech insights

Cyber Security Awareness Month 2019: The State Of Cybercrime

Learn more

See You At The 2019 Saratoga County Business-To-Business Expo on Thursday!

Learn more

Aligning Business & IT Remains a Top Priority for Saratoga Springs Business

Learn more