Many successful ransomware attacks share a common characteristic: an authorized user does something they shouldn’t, like opening a phishing email or clicking on a fraudulent link. So why aren’t businesses focusing on user education as a first-line cyber security approach?
The Costs of User Error Are Real and Measurable
According to the 2020 report from the Ponemon Institute, the average global cost of insider threats rose by 31% in just two years. The frequency of incidents spiked by 47% in that time, a figure that underscores the increasing severity of the problem. Here are a few of the findings:
- The highest cost of an incident is related to containment, averaging $211,533 per organization globally.
- The fastest-growing cost is investigations, which has risen by 86% in just three years.
- The longer it takes to contain an incident, the more expensive it gets. Incidents that last more than 90 days cost an average of $13.71 million annually.
IT experts agree that user education should play a more central role in cyber security planning, and that many companies still have a major deficit in this area. According to a 2017 survey of 187 cybersecurity professionals, reported in BetaNews:
- 92% believe that the industry is more focused on defending against outsider threats than internal ones.
- Almost half feel that uneducated users and insider threats are the most overlooked threats in cyber security today.
- 91% feel that senior management is not making the best decisions around security and spending.
User Education Is Worth It
Users can be your company’s weakest link—or its first line of defense. How well they play this role depends on your company’s willingness to invest in security awareness training, as well as your ability to support that training through institutional technologies and processes.
To deliver effective protection for your network, you should engage your users through exercises. One way to do this is through simulated attacks—for example, sending out fake phishing emails to help employees learn how to recognize threats. You can also require cyber security training courses to provide employees with the most current information about attack vectors.
A combined approach, such as the one offered by KnowBe4, is highly recommended. The integrated platform offers hours of security awareness training content, phishing templates, and results reporting—all in one place.
There are a number of helpful resources you can choose from to strengthen cyber security user education in a way that fits your company’s needs:
- Mimecast leverages humor and bite-sized learning to deliver effective online security training in just three minutes per month.
- SANS offers over 60 immersion-style courses across nine subject areas and is widely known as the world’s largest source of cyber security training, research, and certification.
You might also consider these computer-based training programs:
- Barracuda Networks PhishLine
- Cofense (PhishMe)
- Proofpoint (formerly Wombat)
- Webroot (OpenText)
How do you choose the best program for your company? You should choose a training program in line with your company-level cyber security strategy. That means determining scope, cost, and the customizability of any given program to meet your company’s specific needs. The best employee training programs include these key features:
- Simulated attacks. You’ll want to find a platform that not only teaches important cyber practices, but also allows employees to practice responding to simulated attacks.
- Reporting. Strong programs include metrics and goal setting to help you track your progress and thereby demonstrate the training’s ROI for your company.
- Incident response. Beyond training, certain platforms integrate incident response capabilities so that users learn to report attacks efficiently and effectively.
The Bottom Line on Cyber Security
Given that so many malware attacks can be prevented through employee awareness, it seems negligent not to incorporate user education into your cyber defense strategy. Even if your enterprise doesn’t store sensitive information, you could still become a target. Hackers will hold networks hostage or demand payment in exchange for restored access to company records, and the costs of weathering such attacks can reach astronomical heights. On top of that, the effects of a single attack often extend over a period of years and may even cause a company to go out of business.
If you’re a broker and would like to know more about how you can help your clients protect their futures from the threat of a cyber attack, we encourage you to download our free whitepaper: “The Six-Step Guide to Becoming Your Clients’ Cyber Expert.”
Learn how ProWriters has streamlined the process of comparing cyber liability insurance by going to our Cyber IQ Comparative portal. The portal allows you to evaluate quotes and cyber packages from different carriers in just minutes, allowing you to find the most cost-effective policy for your clients faster than ever. The best cyber defense strategy involves a combination of employee education, cyber defense technology, strong protocol, and a liability insurance policy to cover costs in the event of an attack. To find out how ProWriters can help, please schedule a call with one of our experts.