My name is Stu Sjouwerman. I’m the Founder and CEO of KnowBe4, my 5th startup. I have been in IT for 40+ years, the last 25 of those in information security.
In my last company we built an antivirus engine from scratch and combined it with intrusion detection, prevention and a firewall. But we encountered a persistent problem that few organizations were addressing: end-users being manipulated by bad actors.
That’s why I started KnowBe4, to help IT pros manage the ongoing problem of social engineering. In April 2021 we went public on the NASDAQ, and we were taken private in 2023.
Executive Summary
One of your important responsibilities is to minimize expensive downtime and prevent data breaches. Skyrocketing ransomware infections shut down your network and exfiltrate data. Phishing is responsible for two-thirds of ransomware infections.
This is why security awareness training (SAT) has become a critical component of reducing risk and safeguarding digital assets. Here are the cost savings, productivity gains and business benefits one enterprise experienced by implementing KnowBe4's security awareness training platform, according to Forrester’s Total Economic Impact of KnowBe4 (1):
- A three-year ROI of 276% with payback in less than 3 months
- $432.3K in reduction in risk exposure over three years by building a stronger security posture via awareness training and simulated phishing testing
- $411.3K cost avoidance by reduction in email alert investigations and response costs due to employee proactive threat response
- $164.2K cost avoidance from leveraging KnowBe4’s 35-language security training library and simulated phishing instead of in-house programs
- Avoid cost increases in cyber insurance due to reducing outages caused by security incidents.
The Upshot: Deploying the KnowBe4 platform is an extremely effective use of your limited InfoSec budget. It has powerful add-ons like anti-phishing defenses, real-time security coaching and compliance training. Customers tell us this is the best return on their investment.
The Social Engineering Problem is Getting Worse
Maximizing your InfoSec budget is a key component of your security strategy and is essential for the successful protection of your networks and data. Selecting and deploying effective security products enables you to maximize ROI and mitigate risk.
A single successful cyber attack can impact revenues, expenses and cash flow. You, along with your IT and InfoSec executives, play a key role in managing that risk.
The global indicator 'Estimated Cost of Cybercrime' in the cybersecurity market (2) is forecast to continuously increase between 2023 and 2028 by a total of $5.7 trillion.
With the cost of cybercrime skyrocketing, your workforce is your largest cybersecurity risk. Verizon’s Data Breach Investigations Report(3) shows that 74% of data breaches involve the human element, 91% of cyberattacks start with a spear phishing attack and phishing is responsible for two-thirds of ransomware infections.
These statistics underscore the critical importance of implementing an effective SAT program. It enables your workforce to make smarter decisions, strengthen your security culture and reduce human risk.
To accurately assess the ROI for security awareness training requires:
- Understanding the risk/cost of doing nothing
- The cost of implementing and managing an SAT program yourself
- The benefits/risk reduction of implementing KnowBe4’s security awareness training platform.
Check out this explainer video for more details:
The Risk and Cost Of Doing Nothing
Implementing SAT is about mitigating risk. The cost of doing nothing can be extremely high. In 2023, the average cost of a data breach was $4.45 million. Here are the six major categories of what typically constitutes that total dollar amount:
- Time lost remediating a cyber incident or full-blown breach, often with expensive third-party providers
- Downtime and loss of business functions
- Financial losses resulting from stolen funds, ransom payments and fraud
- Reputational damage to your organization
- Loss of intellectual property
- Increased cybersecurity insurance premiums and potential fines due to non-compliance with industry-specific standards/regulations
Additionally, sales losses are real and quantifiable. In 2023 alone, there have been high-profile cyber incidents in the casino and consumer packaged goods space that were publicly disclosed to have cost these companies over $1 billion in sales losses.
"Close to three years ago, our C-suite implemented KnowBe4. And since we have been in this program, we have not had a security incident like that.” - IT security awareness program manager
The Cost Of Implementing And Managing SAT Yourself In-House
How many hours, people, and resources does it take to research, write, design, localize, and deliver an accessible, engaging, effective multi-lingual SAT program that includes simulated phishing, reporting and continuously updated content? Depending on your organization, that cost is 200% to 300% higher than an annual subscription to KnowBe4’s security awareness training and simulated phishing platform.
The Benefits And ROI Of KnowBe4’s Security Awareness Training Platform
An effective SAT program is a proactive approach to mitigating the risk that phishing and social engineering attacks present before you suffer damages resulting from a cyber attack or data breach.
The IBM Cost of a Data Breach Report (4) shows that employee security training was one of the three most effective data breach cost mitigators in 2023, saving organizations an average of $232,867.
A Great Way To Manage The Ongoing Problem Of Social Engineering
KnowBe4’s Phishing by Industry Benchmark Report (5) analyzes Phish-prone™ Percentage (PPP) across millions of individual users. The report illustrates how crucial it is for organizations to invest in their workforce to increase the critical layer of human defense and strengthen their security culture. Organizations that leverage KnowBe4's security awareness training and simulate phishing platform reduce their susceptibility to phishing attacks by a dramatic 82%.
I strongly recommend you approve this PO.
More than 65,000 organizations globally use it successfully.
Warm regards,
Stu Sjouwerman, Founder and CEO.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
