Security Awareness Training ROI: Part 1 of 3



Today, data breaches and cyber-attacks are becoming so frequent that they aren’t a matter of “if” but “when,” making cybersecurity employee training a must.

It’s no secret that security awareness training is essential for protecting your company from cyber-attacks. But many organizations struggle to justify the expense of security awareness training programs, asking themselves whether the security awareness training return on investment is really worth it.

Read below to learn how to justify to your CFO how you can get up to a 2,600% ROI.


What Are the Experts Saying?

According to Gartner, security awareness training plays a vital role in helping employees learn how to identify and prevent cyber-attacks, and a good training program is a cost-effective way of mitigating information security risk.

However, with CFOs cracking down on budgets, they’re starting to demand more transparency into the effectiveness of each purchase, especially as more companies use data and analytics to track the performance of their vendors. (Come back later and read here how ThriveDX’s Security Awareness Training incorporates data-driven decisions.)

There are two types of Security Awareness Training Return On Investments we’ll address.

1. Return On Investment From The Purchase

2. Return On Investment From The Security Awareness Training Effectiveness

To begin, we’ll go over how it can add to the bottom-line.

1. Return On Investment From the Purchase

Currently, experts recommend that businesses spend a substantial amount on IT. Gallagher, a global insurance broker and consulting company, recommends that 4% of a business’s revenue go to IT. According to McKinsey & Company, organizations around the world spent around $150 billion on cybersecurity in 2021, with spend growing by 12.4% annually.

What's The Problem With Spending So Much?

Most of the spending is on infrastructure, yet attacks succeed at the human layer: 93 to 97% of cyber attacks happen through human negligence.

So, what is the connection here? Addressing the human factor will deliver a higher ROI on a business’s other cybersecurity products.


How Does Security Awareness Training Increase Your Bottom-Line?

Investing in security awareness training products will result in cost savings from the breaches themselves. For example, of the 93 to 97% of cyber attacks that happen through human negligence, 35% of data breaches are attributed to human error (Federal Information Systems Security Educators’ Association), and the average cost of a data breach is $4.35 million (IBM).

Let’s walk through the Return On Investment for using Security Awareness Training and how it might impact you. When you have a breach, this usually happens:

1. Loss in Revenue: Generally Equal to 1 Day

When a breach happens, such as a website going down or the loss of other key elements that prevent sales, it impacts revenue. To calculate the amount, go to your company’s 10-K and look at the revenue line for the year. Divide it by 365 (days in a year). If you make $365 million a year, that is $1 million lost in that day.

2. Remediation Expenses

This is usually done on a consulting basis: two full-time consultants at $300 to $400 an hour for a minimum of four weeks, which comes to about $100k.

3. Ransom Payment

Although some stats vary, a conservative amount is usually greater than $250k.

Grand Total: $1 million + $100k + $250k = $1.35 million lost

Purchasing a $50k security awareness training program that prevents all of that from happening yields a 2,600% Return On Investment: ((1,350,000 − 50,000) / 50,000) × 100 = 2,600%.
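The breach-cost sum and ROI formula above, as an added Python example that is not part of the original post: it reproduces the post’s $1.35 million and 2,600% figures from the stated inputs and, going one step further, adds an expected-value version in which the breach probability and the share of breaches the training prevents are assumed inputs, because the headline figure assumes the training prevents the entire loss.

```python
"""Breach-cost and training-ROI calculator (added example, not from the post).

The default inputs are the post's illustrative numbers; the breach probability
and prevention rate in expected_roi_percent are assumptions added here.
"""
from dataclasses import dataclass


@dataclass
class BreachCostInputs:
    annual_revenue: float        # revenue line from the 10-K
    days_of_lost_revenue: float  # the post assumes one day
    remediation_cost: float      # the post: two consultants, four weeks, ~$100k
    ransom_payment: float        # the post: a conservative figure above $250k


def breach_cost(inp: BreachCostInputs) -> float:
    """Total loss from one breach, summed the way the post sums it."""
    lost_revenue = inp.annual_revenue / 365 * inp.days_of_lost_revenue
    return lost_revenue + inp.remediation_cost + inp.ransom_payment


def roi_percent(loss_avoided: float, training_cost: float) -> float:
    """ROI as the post defines it: (loss avoided - cost) / cost * 100."""
    if training_cost <= 0:
        raise ValueError("training cost must be positive")
    return (loss_avoided - training_cost) / training_cost * 100


def expected_roi_percent(loss_per_breach: float, training_cost: float,
                         breach_probability: float, prevention_rate: float) -> float:
    """Expected-value variant (assumption added here): the training avoids only
    the share of the loss that would have occurred AND that it prevents."""
    for p in (breach_probability, prevention_rate):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    expected_loss_avoided = loss_per_breach * breach_probability * prevention_rate
    return roi_percent(expected_loss_avoided, training_cost)


# The post's worked numbers (illustrative values, not measured data).
POST_INPUTS = BreachCostInputs(annual_revenue=365_000_000, days_of_lost_revenue=1,
                               remediation_cost=100_000, ransom_payment=250_000)
TRAINING_COST = 50_000

if __name__ == "__main__":
    loss = breach_cost(POST_INPUTS)
    print(f"loss per breach: ${loss:,.0f}")                      # $1,350,000
    print(f"headline ROI:    {roi_percent(loss, TRAINING_COST):,.0f}%")  # 2,600%
    # Assumed 50% chance of a breach, training prevents half of those.
    print(f"expected ROI:    {expected_roi_percent(loss, TRAINING_COST, 0.5, 0.5):,.0f}%")
```

The expected-value figure drops to 575% under the assumed 50%/50% inputs, which is the sensitivity a CFO will ask about.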


2. Return On Investment From The Security Awareness Training Effectiveness

Now that we’ve discussed how to add more profit to your bottom line, let’s discuss the behavior change that reduces the number of breaches, leading to a higher ROI.

More effective security awareness training methodologies are needed to prompt behavior change. It doesn’t matter how much a company invests in an intrusion detection system: that spend doesn’t guarantee a behavior change that leads to fewer incidents.

So how do you improve behavior change? Read Part 2 of our Blog here.
