Many of today’s most expensive and devastating cybercrimes arrive on a company’s doorstep as the cargo of a phishing email. Attacks like business email compromise or ransomware can bring a company to its knees through expenses related to response, investigation, mitigation, loss of data and productivity, payroll overages and more, especially if intensive repairs are required to restore the company’s environment or recover their data. That’s one reason why 60% of companies that suffer a cyberattack go out of business. But the data shows that when companies are looking to improve security affordably, security awareness training answers the call, cutting phishing costs in half while improving overall security.
The relationship between phishing and a data breach puts many businesses that have neglected security awareness training at risk for a disaster. The newly released 2021 Ponemon Cost of Phishing Study helps shed light on some of the massive hits that companies can take to their revenue in the event of a successful phishing attack. The biggest takeaway from this report is the colossal increase in the cost of a phishing attack for businesses. Researchers say that the cost of phishing attacks has almost quadrupled over the past six years, with large US companies losing an average of $14.8 million annually (or $1,500 per employee) to phishing.
How can companies reduce the cost associated with phishing?
Security awareness training answers that need. It’s the one bright spot in this tale of increased expense, and it’s an easy thing for businesses to do that pays dividends in other areas of cybercrime protection. Security awareness training reduces the cost of phishing by more than 50%, a significant reduction. Companies are constantly looking for easy ways to lower risk across the board without spending a fortune, and security awareness training answers that question by reducing a company’s chance of experiencing a data breach by up to 70%. It’s easy to see the dollars and cents of exactly what makes it so valuable. It’s a small investment in a business that offers an excellent ROI.
When a company is wondering what they can do to quickly improve their security, adding or restarting security awareness training answers that inquiry. Unfortunately, far too many organizations neglected security in the hubbub of 2020 – especially training. Almost 50% of companies have done no training for employees around security awareness topics like remote workforce risks.
That training needs to be refreshed regularly and given at the right cadence, 11 times per year on average, but if those conditions are met, security awareness training is extremely effective. Researchers in a UK phishing simulation study discovered that the improvement is stark. At the beginning of the study, 40% to 60% of the employees surveyed were likely to open malicious links or attachments. But after about 6 months of security awareness training, the percentage of employees who took the bait in every industry dropped 20% to 25%, and after 3 to 6 more months of security awareness training, the percentage of employees who opened phishing messages plummeted to only 10% to 18%.
Source: ID Agent