informa
Products & Releases

KnowBe4 Says Lack Of Security Training Equals Serious Legal Liability

Although the number of cybercrime victims declined in 2013, the cost per victim has increased 50 percent
(Tampa Bay, FL) November 18, 2013--Cybercrime has been branded the number one threat to United States security--although the number of cybercrime victims declined in 2013, the cost per victim has increased 50%, bringing the global total to a staggering $113 billion (1). As the costs of data breaches continue to skyrocket--and businesses expose themselves to potential class-action lawsuits on behalf of third parties--Internet security awareness training firm KnowBe4 (http://www.knowbe4.com/) warns small and medium-sized enterprises (SMEs) to effectively arm themselves against cyber-attacks before litigation ensues; KnowBe4 says that security awareness training triples the chances of an organization being able to decrease its phishing problems.

Recent studies show that over the past four years, cybercrime costs have climbed by an average of 78%, while the time required to recover from a breach has increased 130%:

● In the United States alone, the annual cybercrime cost seen by the 60 businesses studied ranged from $1.3 million to more than $58 million and averaged $11.6 million per company--an increase of $2.6 million from 2012.

● The average cost of cleaning up after a single successful attack was $1 million (2).

But the costs of correcting data breaches are no longer the only cause for concern--the legal consequences, such as class-action lawsuits on behalf of third parties affected by such cyberattacks, are a growing worry of business owners. Businesses--specifically those that guard individuals' personal information, such as banks and data brokers--have become a likely target for consequential litigation in the aftermath of security breaches.

Case in Point:

Identity thieves posed as customers to steal more than 160,000 consumer records from data broker ChoicePoint. After the information theft was publicly announced, ChoicePoint paid out some $45 million as a result of the breach, and in the process effectively created a new source of liability for organizations nationwide (3).

Stu Sjouwerman, founder of KnowBe4, maintains that businesses can effectively bypass the financial burden of data breaches by implementing Internet security awareness training (http://www.knowbe4.com/) designed to teach employees to recognize and avoid potential "hack-attacks."

"Antivirus software cannot keep up with the sophisticated tactics of professional hackers, and should not be depended upon as a reliable means of defense," Sjouwerman said. "Internet security training has proven to work by lessening the chances of a successful cyberattack."

Sjouwerman says that the best defense is to think like a hacker, as phishing and social engineering tactics become increasingly sophisticated and difficult to detect. KnowBe4 collaborated with Kevin Mitnick, once known as the "World's Most Wanted Hacker," to develop Kevin Mitnick Security Awareness Training (http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/), a product designed to help organizations defend against even the most advanced network security breaches.

But even as cybercriminals constantly refine their techniques, KnowBe4 recently announced that an upgraded Kevin Mitnick Security Awareness Training program is in the beginning stages, and will be unveiled in 2014. The program is interactive and web-based, with case studies, live demonstration videos and short tests.

Sjouwerman's authority was confirmed by a study conducted by Osterman Research, which specializes in conducting market research for IT and technology-based companies. Sjouwerman classified five types of security awareness training that organizations commonly implement:

Recommended Reading: