How to Quantify ROI from Security Training

Is Security Awareness Training worth the investment?

January 23, 2015 • Published by

Why is it important to invest in Security Awareness Training?

How do you quantify ROI from Security Awareness Training of your employees? This is a question that every IT Security Manager has in his/her mind. Compliance mandates and government legislation exhort companies to roll out Security Awareness Training to employees, but is it worth the investment?

Time and again, there have been many attempts to come up with an effective methodology to measure the ROI, but no one has been able to precisely measure the return on investment.

A study by Aberdeen group is probably the most promising of these efforts.

The study concludes that:

1. User behavior goes a long way in reducing the security risk in an organization.
In spite of the security technologies deployed at perimeter and endpoints, breaches do occur, and the root cause of these occurrences can be attributed to user behaviors.

2. Security risks can be reduced by changing user behaviors.
Security Awareness Training can go a long way in amending how the user interacts with the system. With 80% probability, an investment in Security Awareness Training can reduce security risk by about 60%.

3. Security Awareness Training is worth the investment.
Investment in Security Awareness Training can reduce organizations' appetite for risk (i.e the total cost an organization is willing to accept) from security breaches caused by user behaviors by a factor of eight.

This study and its findings will certainly offer some strong arguments in favor of the IT Security Manager’s request to CFO to invest in Security Awareness Training!

Ready to explore Security Awareness Training?

If you’re interested in learning more about Security Awareness Training, request a demo or give us a call at 800-825-3301, ext. 2.