Phishing Education Can Save Nearly $4m Annually

The appropriate employee training can significantly reduce the financial consequences of phishing in the workplace, claims new research from Wombat Security Technologies and the Ponemon Institute.

The Cost of Phishing and Value of Employee Training revealed that the majority of phishing costs are due to loss of employee productivity and uncontained credential compromises. When added to other factors, these can cost an average-sized company $3.77 million per year.

Data also showed that the average annual cost to contain a credential compromise that originated from a successful phishing attack is $381,920. Uncontained credential compromise could cost a company as much as $105.9 million. The total cost of business disruption due to phishing was found to be in the region of $66.9 million.

The report also suggested that the average total cost for an average company to contain malware is $1.9 million per year. Uncontained malware costs an average-sized company as much as $105.9 million.

In proof-of-concept studies involving large companies, Ponemon Institute found that the phishing email click rate improved an average of 64% following security training. This improvement represents the behavior change in employees who had fallen prey to phishing scams in the workplace before and after training. Ponemon calculates potential cost savings of $1.8 million or $188.4 per employee/user.

“In talking with security officers, we know that many do not expect much benefit from employee training as part of their defense against phishing attacks. This research proves that security officers should expect more from employee education,” said Larry Ponemon, chairman and founder of the eponymous institute.

“As the threat landscape continues to intensify and phishing tactics become more sophisticated, this research shows that employees who have undergone security training are far less likely to fall victim to a phishing attack.”

“This is yet another proof point that an overall security posture is multi-faceted and needs to include employee education to prevent against increasingly more sophisticated phishing attacks, which leave companies vulnerable to significant losses and business disruption,” added Wombat Security Technologies President and CEO Joe Ferrara.

“This research reveals the compelling value and ROI from putting in place a comprehensive security training program. Our methods have shown that a continuous training methodology does change employee behavior and reduce risk within an organization.”
