One of the difficulties customers experience in the run-up to their security awareness program is determining ROI. How do you, as a company, find out how much money you will effectively earn back with your program? And when does that payback moment arrive?

ROI defined

First of all, each company interprets ROI (Return On Investment) differently. The way in which your company determines ROI is therefore unique. But know that security awareness is no different from any other IT security solution, so treat it as such.
How would your company determine the ROI for buying an antivirus solution, token authentication or an encryption solution? Whatever that process is, use the same process for security awareness training.

Full-Time Employee

In addition, if reducing costs is important, try to determine the ROI in terms of FTE (Full-Time Employee). Some companies keep detailed statistics of how much recovery time their IT security team spends on infected systems. After their awareness program, the number of infected systems decreased significantly, freeing up FTEs to focus on more important projects than computer recovery (or simply to save costs).

Security Awareness tackles all risks

Finally, most security solutions are designed to address specific risks. For example, an antivirus solution reduces malware and 2-factor authentication avoids weak passwords. Security awareness is different: it is an IT security solution designed to address and help reduce not only the above-mentioned risks but also all other risks (social networks, ransomware, mobile devices, unsecured WiFi, …).
