CISOs turn to security awareness solutions to change poor employee behaviors

Fast-growing security awareness training market exceeds $1 billion globally

The importance of computer security awareness training is supported by numerous recent reports, including IBM’s 2014 Cyber Security Intelligence Index, which found that 95 percent of all security incidents involve human error.

Gartner research Vice President Andrew Wells said the security awareness training market exceeds $1 billion in annual revenue (globally), and is growing approximately 13 percent per year.

According to Gartner, employees’ actions can detrimentally impact security and risk performance. CISOs and employee communication leaders are increasingly turning to educational security awareness solutions to help improve organizational compliance, expand security knowledge and change poor security behaviors.

In the 2014 U.S. State of Cybercrime Survey – co-sponsors included Carnegie Mellon University and the Secret Service – 28 percent of cybersecurity incidents were blamed on current or former employees, contractors and other trusted parties. Nearly a third of respondents said such incidents cost more or inflict more damage than outside attacks.

Gartner released its inaugural Magic Quadrant for Security Awareness Computer-Based Training Vendors in Q4 2014, a report that reviewed the largest security awareness training vendors, plus many up-and-comers. The vendors in the Gartner report account for around $650 million in annual revenue.

Market growth is driving many new local, national and global entrants with a variety of programs and approaches to security awareness training. Digital Defense, Inc. (DDI) is helping companies protect vital business data with SecurED, an engaging training program that delivers expert information – with a dash of humor to make it fun and memorable – dramatically strengthening employee awareness and building a culture of security.

DDI, based in San Antonio, Texas, is No. 46 on the Cybersecurity 500 list of the world's hottest and most innovative cybersecurity companies. The company is bringing its brand and reputation to help tackle one of the biggest challenges corporations face today - social engineering - the practice of manipulating people into disclosing confidential data. Social engineering can result in staggering financial liability and severely damage a company's reputation.

DDI's customers can access 12 SecurED modules - anytime from anywhere - on PCs, laptops, tablets and smartphones. Topics cover security best practices surrounding Password Development & Security, Remote Social Engineering, Mobile Device Security, and more.

Seems like DDI might be on to something. Humor just might be the thing that gets employees taking security more seriously.
