You may know Gartner, the 800-pound gorilla in the IT Analyst space. When a market is mature enough they create their so-called Magic Quadrant (MQ) with the leading vendors in that particular space.
Normally there are hundreds of players in a mature market, but only 20 or so of the actual leaders make it onto the MQ. KnowBe4 made it on there the first time around.
The Gartner Managing Vice President who covers the security awareness computer-based training market and manages this MQ is called Andrew Walls. He revealed some interesting numbers that may help you to get budget:
- The security awareness training market globally exceeds $1 billion in annual revenue
- This market is growing about 13 percent per year
- Employees’ actions can detrimentally impact security and risk performance
- CISOs are increasingly turning to educational security awareness solutions
If that's not enough, these facts and figures might do the trick:
- 71% of organizations were successfully spear-phished in 2014
- 96% of executives are unable to distinguish a phishing email from a legitimate one 100% of the time
- 91% of cyberattacks begin with a spear phishing email
- Antivirus end users are exposed to phishing attacks for an average of 17.5 hours before detection
- Security awareness training can reduce an organization's security risk by as much as 70%
According to IBM's 2014 Cyber Security Intelligence Index report, cybersecurity threats will only continue to grow, and going after individual employees is exactly how actors are often able to successfully carry out their attacks. Even organizations with strong security defenses can still be vulnerable to a social engineering attack. The best way to protect against this is to regularly educate users to keep security top of mind.
This is good ammo if you need to get budget approval to train your employees. C-level peer pressure is a great incentive to hop onto a trend and not fall behind. Investing in security training for employees is much less of a headache and less costly than a data breach. We're sure companies like Ryanair, Premera and Anthem would agree!
InfoWorld's security guru Roger Grimes delves into why security education for employees is one of the most important factors in protecting your organization from an attack. He reviewed KnowBe4's integrated awareness training and phishing platform; read more for what he had to say. It's great to send to executives as an addendum to a business case for user education.
UPDATE: IBM's 2016 Cyber Security Intelligence Index report has been released. Here are some of the key takeaways:
In 2015, 60% of all attacks were carried out by insiders, either malicious insiders or inadvertent actors. This means you should be careful who you trust and never give anyone access to more data than they need. The percentage of inadvertent actors dropped from 23.5% to 15.5%, which could mean there has been a significant increase in employee security education over the last year.
The most attacked industry was Healthcare, breezing past Financial Services, which is now in the #3 spot, down from #1 in 2014. More than 100 million healthcare records were compromised in 2015. Healthcare records are desirable to criminals because they are full of personal information, like credit card numbers, social security numbers, and more, that makes a victim very easy to exploit.
Unauthorized access accounted for 45% of incident causes in 2015, ahead of malicious code and sustained probes/scans, both of which were at the top in 2012 and 2013. This is in part due to Shellshock-related attacks and attackers favoring more targeted attacks such as exploiting security vulnerabilities and launching spear phishing campaigns.
One thing that hasn't changed since the 2014 report is the human element. Security awareness training for all employees is essential in protecting yourself from vulnerabilities in the threat landscape. Regular training and testing also work to reinforce a security culture in your organization.
Old School Security Awareness Training does not hack it anymore!
Find out how affordable the Human Firewall option is for your organization today.