wombatsecurity | October 07, 2014

Want to Spend 76% Less on Security Incidents? Train Your Employees

Pittsburgh, PA – October 7, 2014 – Companies that train their employees about cyber security best practices spend 76% less on security incidents than their non-training counterparts. That’s a prime takeaway from the 2014 U.S. State of Cybercrime Survey, a joint effort of PricewaterhouseCoopers (PwC), the Software Engineering Institute at Carnegie Mellon University, CSO magazine, and the U.S. Secret Service.

This survey of more than 500 executives from U.S. businesses, law enforcement services, and government agencies yielded a treasure trove of data and analysis. But, as with other studies we’ve discussed, there seems to be a disconnect between understanding and action.

Clearly, companies know there is a problem:

  • 77% of respondents detected a security event in the past 12 months
  • 34% said the number of security incidents detected increased over the previous year
  • More than 59% of respondents stated they were more concerned about cybersecurity threats this year than in the past
  • Among those who were able to estimate the financial costs of their security incidents, the average monetary loss was approximately $415,000

And there is a good bit of consensus about the things that can be done to deter criminals, including these types of policies and procedures:

  • Vulnerability management (49%)
  • Security education and awareness for new employees (42%)
  • Use of “white hat” hackers (44%)

But how does this understanding relate to action? The statistics are telling:

  • Only 46% of survey respondents provide security training to new employees
  • Just 44% deliver periodic security education and awareness programs
  • Only 42% utilize penetration testing
  • Just 38% of survey respondents have a methodology to prioritize security investments based on greatest risk to the business
  • Only 23% conduct cyber threat analysis

And how does failed action tie to financial loss? According to the survey, organizations without security awareness programs — and, specifically, new employee training — reported average annual financial losses of $683,000. Those with training totaled just $162,000 in average financial losses.

It’s Time to Cut Your Losses

If you’ve been kicking the security training can down the road, it’s time to pick it up, read the writing on the label, and get cooking. Because, as the survey said, “Untrained employees drain revenue.”

To discuss the latest in Security Awareness Training trends with Wombat Security Experts, or develop your own unique story, please feel free to contact Lorraine Kauffman-Hall at 704-882-0443.

About Wombat Security Technologies

Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections by up to 90%. Wombat is helping Fortune 1000 and Global 500 customers in industry segments such as finance, technology, banking, higher education, retail, and consumer packaged goods to strengthen their cyber security defenses.


Lorraine Kauffman-Hall


Amy Baker
412-621-1484 x 115