Top 10 Reasons to Conduct Regular Awareness Training and Testing

 

1. Weak Password Hygiene

Weak or stolen passwords are involved in 82% of all breaches. Awareness training is needed to teach strong password skills not taught in schools today.

 

2. Higher Cost per Incident

Companies with cybersecurity awareness training paid 420% less per incident than companies without an awareness program.

 

3. Employee Inability to Spot Phishing Attacks

97% of employees cannot identify a phishing attack but most receive them daily.

 

4. Hackers Know to Exploit Trust

80% of West Point graduates clicked on a phishing attack despite receiving a 4-hour cybersecurity class. This was due to the “Colonel Effect” which exploits trust.

 

5. Users are the Weakest Link

No technical solution can stop users from clicking links, downloading malware, giving his or her financial account number, or password.

 

6. Phish Testing Alone Equals Entrapment

Phish testing alone is negatively viewed by employees as entrapment. However, when combined with awareness training, employees feel supported.

 

7. Phish Training is Effective

56% of IT decision makers believe phishing attacks are their biggest threat. “Phishing awareness and education are some of the best ways to decrease risk.”

 

8. Confidence and Productivity

By helping employees spot and delete phishing attacks, awareness training improves employee confidence and productivity by 2+/hours/employee/year saving 50 companies $3,000 (average pay of $30/hour)

 

9. Incident Costs of ~100k

Down-time, reputation damage, lost customers and recovery from a ransomware incident are estimated to cost between $84,000 and $115,000.

 

10. Training is Effective

Studies show untrained employees click on phishing attacks ~ 35% of the time, but click rates drops to between 6% and 13% with awareness training.