If you extrapolate the total annual cost of phishing for the average organization, it comes to more than $3.7 million. You could shave that down by $1.8 million, though, with the right security awareness training, according to a new report.
More than 375 IT and IT security practitioners in U.S. organizations were surveyed in “The Cost of Phishing & Value of Employee Training” (PDF), which was conducted by Ponemon Institute and sponsored by our friends at Wombat Security Technologies.
In a Wednesday email correspondence, Joe Ferrara, Wombat's president and CEO, told SC Mag that the biggest financial hit from these attacks comes from loss of productivity.
The new report calculates that productivity losses from phishing account for more than $1.8 million. “This is not only productivity loss for IT-related personnel, but also for the people that were phished while their machine is remediated, reimaged and recertified,” Ferrara said. The report noted that employees waste an average of roughly four hours annually due to phishing scams.
Training that helps employees spot phishing attacks and other related threats could help cut down costs by almost $2 million, the report showed. Ferrara said that a continuous training methodology provides the best learning retention and results within an organization.
All companies should "use a continuous training approach that uses a repeating cycle of assessing vulnerability and knowledge, educating with engaging content, reinforcing the correct behaviors, and measuring throughout the cycle," he recommended. "This enables practitioners to look at results against initial baselines and trend progress over time while adjusting education to target the problem areas."
It's obvious that effective security awareness training has a massive ROI. Find out how affordable this is for your organization today.
Hat Tip to Adam Greenberg at SC Magazine