Our friends at Wombat created a good summary why security awareness training is a must these days. Why?
Organizations without security awareness programs -- and, specifically, new employee training -- reported average annual financial losses of $683,000. Those with training totaled just $162,000 in average financial losses. So, save your organization half a million bucks and use effective user-education.
"Bottom-line, companies that train their employees about cyber security best practices spend 76% less on security incidents than their non-training counterparts. Analysts now agree, including industry giant Gartner, which has published a magic quadrant on security awareness training. A recent article shows more:
Although enterprise security awareness training for employees has long been considered a compliance-checkbox activity, but not necessarily an effective tactic for protecting corporate assets, Gartner says it's time that enterprise security managers should rethink their attitudes toward user awareness training.
A recent report from the 2014 U.S. State of Cybercrime Survey, a joint effort of Pricewaterhouse Coopers (PwC), the Software Engineering Institute at Carnegie Mellon University, CSO magazine, and the U.S. Secret Service revealed some startling facts:
- Only 46% of survey respondents provide security training to new employees
- Just 44% deliver periodic security education and awareness programs
- Only 42% utilize penetration testing
- Just 38% of survey respondents have a methodology to prioritize security investments based on greatest risk to the business
- Only 23% conduct cyber threat analysis
Full Wombat release at: