Recent estimates peg the percentage of human-caused data breaches between 40% and 60%. Workers’ costly transgressions run the gamut, from clicking on an enticing but malicious email link to the negligent or careless mishandling of sensitive data and logins.
Security experts agree that education, specifically security awareness training, is a proven strategy for reducing so-called ‘human-factor’ incidents. People are and always will be both your weakest link and your first line of defense. So, to avoid unintentional breaches, you must instill a security-first mindset, beginning with training that equips staff to effectively detect, avoid and report potentially harmful threats.
Remember: a regimen of this sort is not a one-and-done endeavor but rather must be repeated, ongoing and continually refreshed to keep pace with evolving threats. Random testing, such as phishing employees (under the watchful eye of experts like RCS), can also be an integral part of your overall security strategy.
While predicting a reliable ROI on awareness training is difficult, it is possible, over time, to correlate effective instruction with a reduction in security-related events.
For example, 42% of respondents to a US State of Cybercrime Survey said that security awareness training of new employees helped to deter attacks. The same report indicated that companies without such training for employees suffered a 322% loss due to cybersecurity incidents.