KnowBe4, a leading cybersecurity platform focusing on human risk management, recently published a new white paper that delves into the impact of security awareness training (SAT) on reducing data breaches. By analyzing over 17,500 data breaches from the Privacy Rights Clearinghouse database in conjunction with its own extensive customer data, KnowBe4 was able to quantify the effectiveness of SAT in bolstering organizational cybersecurity.
The research revealed some key findings that shed light on the importance of security awareness training in mitigating data breaches. Organisations with robust SAT programs were found to be 8.3 times less likely to be listed on public data breach registers annually compared to general statistics. Furthermore, a staggering 97.6% of KnowBe4’s current U.S. customers have not experienced a public data breach since 2005. The data also indicated that customers who had suffered breaches prior to engaging with KnowBe4 were 65% less likely to experience subsequent breaches after implementing the company’s SAT program. Additionally, 73% of breaches involving current KnowBe4 customers occurred before they had integrated the SAT program.
In response to these findings, KnowBe4 advocates for organisations to adopt SAT programs that include quarterly training sessions and simulated phishing tests. The research addresses a central question in cybersecurity: whether SAT can tangibly reduce an organization’s susceptibility to cyberattacks. The conclusion drawn from the analysis is that consistent and effective SAT results in significant reductions in human risk factors and fewer real-world compromises.
Roger Grimes, the data-driven defence evangelist at KnowBe4, emphasized the impact of social engineering and phishing in cyberattacks. He highlighted that these forms of attack alone cause more damage than all other factors combined. Grimes also pointed to the compelling evidence that effective security awareness training, coupled with regular simulated phishing exercises, educates employees and decreases the human risk associated with cybersecurity threats.
Given that social engineering and phishing account for a significant majority of data breaches (70% to 90%), the research underscores the pivotal role that security awareness training plays in preventing such incidents. An effective SAT program, as defined by KnowBe4, includes monthly training sessions and simulated phishing campaigns.
The full white paper titled “Effective Security Awareness Training Really Does Reduce Breaches” is available for download on KnowBe4’s website. The research findings underscore the importance of investing in security awareness training as a proactive measure to enhance cybersecurity and prevent data breaches in organizations.
In conclusion, KnowBe4’s research provides compelling evidence of the tangible benefits of security awareness training in mitigating data breaches. By highlighting the effectiveness of SAT in reducing human risk factors and preventing cyberattacks, the research underscores the critical role that ongoing and comprehensive security awareness training plays in fortifying organizational cybersecurity.