Security awareness training cost has become more affordable, efficient, and scalable in recent years. Naturally, concern from CISOs and security awareness program managers about cost has followed suit.
Let’s step back. The disparity in the cost of security awareness training solutions for employees in the market is still very high, which makes the adept manager even more uncertain about which company to hire. Who offers the best training at the best price? Does affordability reduce impact? How can we rock the cultural boat and sustain culture change? What are the consequences of an unengaged, susceptible employee? What is the cost to train that employee up to a certain threshold of security?
Despite a manager’s relentless pursuit of these questions, it is important to understand that in this new digital age, employee cyber security awareness is an investment and not a cost. So there has to be some kind of investment-benefit analysis before settling on a solution.
The first factor is that cybercrime will remain a major concern for years to come. From 2019 to 2023, approximately US$ 5.2 trillion in global value will be at risk from cyber attacks, creating an ongoing challenge for companies and investors. Nobody wants to contribute earnings to these statistics.
The second factor is that the cost of training that promotes security awareness with impact is still relatively low compared to other, shinier technology investments.
The third factor is that high flexibility of customization among certain training solutions can further justify financial investment. The company that needs to implement a continuous internal culture of security awareness training at all levels of the organization achieves a gradual and rapid development using customized, role-based products.
These three factors are good example indicators of whether or not an investment will be beneficial. So when cost comes into play, there is already a value proposition.
In an article written by reporter Tara Seals for InfoSecurity magazine in September 2017, it was estimated that the cost of user safety training would reach $290,000 USD annually. In the article she cites a study by Bromium that reveals the average estimated time of 7 hours per year for each employee in cyber security training. Not to mention the involvement in hours of the human resources, IT and legal areas, which can reach 276 hours spent annually to organize training programs. Imagine how many wasted hours this nets with inefficient courses and training?
The Return On Security Investment (ROSI) is directly related to the quality of training in employee engagement. Educating is not enough. Employees need to become aware of the coming storm in order to act quickly.
In an annual survey conducted by the CISO Benchmark Study in 2019, 3,000 professionals responsible for corporate data security in 18 countries had roughly three different reactions to the coming storm: 44% of them increased investment in protection technologies, 39% conducted security awareness training with employees and 39% focused on implementing risk mitigation techniques. The extremely high financial impact on companies due to security breaches (caused by user error) was also highlighted by the professionals interviewed.
The question is: how to find and invest in an affordable, customizable training solution that is proven to increase user resilience against emerging threats?
Living Security's gamified online training platform, for example, is designed for program owners to assign custom training to users by role. The training uses a series of interactive videos, divided into episodes that cover critical concepts of security awareness.
Learning is then improved with immersive story through metaphors and interactive puzzles. The level of engagement in this process is very high due to the unique experience provided to the user.
Living Security's techniques, scientifically proven, involve participants, increase the retention rate and motivate behavior change. This explains why 68% of the brain is more involved when having fun. Training experiences come to life through engaging stories that people really enjoy. And the approach focuses on experiential learning, which motivates participants to engage with relevant security concepts, causing more learning retention.
If you’d like to talk more or get a quote, let us know!