Executive Summary

Technology-based security solutions like firewalls, endpoint detection and response solutions, secure email gateways, desktop anti-virus, cloud-based malware and spam filtering are essential elements of a security infrastructure. However, too many decision makers neglect another important element that’s necessary to keep networks, data, applications, and financial resources safe: the human beings who interact with them.

Security awareness training is designed to bolster users’ ability to recognize threats like phishing attempts, unusual requests that purport to be from their company’s CEO, malicious advertising on web pages, and a host of other threats that are designed to trick users into doing something that can wreak havoc within an organization. Users who are well trained on security issues will be more sceptical and more careful about opening emails, clicking on social media links, or visiting web pages without first checking for clues about their validity.

This white paper reviews the results of an in-depth survey of organizations conducted by Osterman Research during May and June 2019. This paper discusses the financial justification for deploying a robust security awareness training program and demonstrates the significant return-on-investment (ROI) that can result.