A study recently revealed that nearly 25% of data breaches involve phishing, and that phishing is the second most frequent data security threat companies face. Phishing is an enormous problem, and it is getting worse.
On average, a company with 10,000 employees will spend a staggering $3.7 million per year handling phishing attacks.
Phishing training has a tremendous return on investment (ROI). According to a Ponemon study, the average phishing training program produces $188 in cost savings per user.
Phishing keeps rising. The best defense against phishing is training. Phishing involves exploiting people, who are an organization’s greatest vulnerability.
So if you don’t want pain, you better train. There are many ways to train, and a good training program has many dimensions. It is an ongoing education and awareness campaign.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.