3 minutes   
Professional Development

ROI: Why investing in Cyber Security Training is smart

In the area of cybersecurity, the main threats are directed towards people. This is why employees must be able to recognize and ward off attacks.

As an eLearning agency, we were interested to see whether training can prepare employees for that. What is the Return on Investment (ROI) of a Cyber  Security Training? Does the investment pay off?

Therefore, we did research a few studies to find out. All of them came to the same conclusion: Yes, it does pay off.

So much in advance, but let’s see why this also concerns you.

The impact of cyber attacks is rising

In our connected world, we see an increase in cyber attacks on businesses. This is the result of the Cost of Cybercrime study which investigated the costs  across 11 countries (including Germany) in 16 industries.

Security Breaches are growing. Comparing 2013 with 2018 there is a growth of 67 %.
Fig.1 Security breaches are growing

If successful, they cause immense economic damageIBM Security published in its Cost of a Data Breach Report 2020 that the average total cost per breach was $3.86 million.

In addition to the financial loss data breaches also lead to a loss in know-how and reputational damage. To prevent this, companies invest a lot to protect their IT systems with effective programs and defense systems. This makes things difficult for the attacker.

However, they already realized that there is another way to confidential data: the employees!

This becomes obvious when looking at the evolvement of cyber attacks. We see that people-based attacks have increased the most:

People-based attacks have increased the most.
Fig. 2 Evolvement of cyber attacks

How to protect the organisation from data breaches

A nice indiscrete chat on the phone or a click on a link may not be prevented by a firewall.

According to a survey by the Bundesamts für Sicherheit in der Informationstechnik (BSI), malicious mail attachments are still the main source for malware on computers.

As already mentiones is the key to success that the employees are able to recognize and ward off attacks.

Is this something where Cyber Security Training can help?

The market research organisation Osterman Research concluded in its study that employees who received Cyber Security Training were significantly better at detecting attacks than employees before training.

As a result of the training, the confidence that employees will recognise phishing and social engineering increases significantly: from one fifth to two thirds.
Fig. 3 Percentage of IT/security professionals reporting employees as “capable” or “very capable” of recognizing cyber attacks

If you compare the average total cost per data breach of $3.86 million, with the cost of employee training, you can quickly see that this is a good investment. Although the costs vary according to the type of training, company structure – and size, Ostermann Research calculates the return on investment ranging from 69 % for small companies to 562 % for large companies.

You see: Cyber Security Training shows an amazing ROI. It is therefore not surprising that government institutions such as the American National Institute of Standards and Technologies launched initiatives for Cyber Security Training, for example the National Initiative for Cybersecurity Education (NICE).

How can you achieve best results with your training?

The best training results are achieved if the training is delivered and refreshed in regular intervals. If the training also includes examples and clear instructions, the participants not only memorise, but also gain the knowledge and confidence to apply what they have learned.

The training may be delivered in different formats (face-to-face, online etc.). Especially in bigger organisations the most efficient way is to provide repeating and refreshing training for the entire staff using eLearnings. eLearnings may train employees globally, independent of their location and whether they work at home or in an office space. Furthermore, all new employees will be reached immediately.

But is eLearning as effective as classroom training? Yes, because eLearning has the advantage that participants learn self paced. Individual paragraphs may be played back repeatedly or more slowly. Additionally an eLearning involves all participants through interactive screens. Hence, everyone has to focus and think along with the training.

Our conclusion

All these insights led to the creation of a standard training course on cybersecurity. The training consists of individual modules that can be combined according to requirements and rolled out sequentially. This way, your employees receive a training that is tailored to your company’s needs without the much longer process of creating an individual training.

Take a look now at our Cyber Security Training offer now.
Doris Jandel is an e-learning author at ICON. She has been designing and authoring scripts for online trainings since 2018. Before that she worked for 14 years as a corporate trainer and program manager. In that position she was amongst others responsible for the design and development of training programs and learning plans for different roles and experience levels. Find out more on LinkedIn: https://bit.ly/2MiMDtZ

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *