Pittsburgh, PA –August 26, 2015 – Wombat Security Technologies (Wombat) and Ponemon Institute today published a new research report on the Cost of Phishing and Value of Employee Training, which found that employee training significantly reduces the financial consequences of phishing in the workplace.
The research reveals the majority of costs caused by successful phishing attacks are the result of the loss of employee productivity and uncontained credential compromise, among other factors, which together cost an average sized company $3.77 million per year.
In proof-of-concept studies involving large companies, Ponemon Institute found that the phishing email click rate improved an average of 64% following Wombat’s security training program. This improvement represents the behavior change in employees who fell prey to phishing scams in the workplace before and after training.
As a result of effective training provided by Wombat, Ponemon estimates a cost savings of $1.8 million or $188.4 per employee/user. If companies paid Wombat’s standard fee of $3.69 per user for a program for up to 10,000 users, Ponemon determined a very substantial net benefit of $184.7 per user – for a remarkable annual rate of return on investment of 50X.
“In talking with security officers, we know that many do not expect much benefit from employee training as part of their defense against phishing attacks. This research proves that security officers should expect more from employee education and seek providers like Wombat Security who can provide results like these,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “As the threat landscape continues to intensify and phishing tactics become more sophisticated, this research shows that employees who have undergone security training are far less likely to fall victim to a phishing attack.”
Other key findings:
“This is yet another proof point that an overall security posture is multifaceted and needs to include employee education to prevent against increasingly more sophisticated phishing attacks, which leave companies vulnerable to significant losses and business disruption,” said Joe Ferrara, President and CEO of Wombat Security Technologies. “This research reveals the compelling value and ROI from putting in place a comprehensive security training program. Our methods have shown that a continuous training methodology does change employee behavior and reduce risk within an organization.”
Recent awards and recognition for Wombat include winning two Info Security Products Guide Awards, winning the Cyber Defense Innovator Award, being named one of the 20 Most Promising Enterprise Security Companies in 2015, winner of the 2015 Pennsylvania Governor's Impact Awards and being designated one of the hot 500 Cybersecurity Companies to Watch in 2015.
To determine the cost structure of phishing, Ponemon Institute surveyed 377 IT and IT security practitioners in the United States. Thirty-nine percent of respondents were from organizations with 1,000 or more employees who have access to corporate email systems.
For security officers who want to build a business case for security awareness training using proven ROI data, please download your copy of, ’The Cost of Phishing and Value of Employee Training.’
About Ponemon Institute