All over the world, government regulators are mandating cyber-awareness training and imposing stiff fines for the mishandling of personal data. The European Union’s GDPR (General Data Protection Regulation), which affects any company – regardless of location – that collects personal data from people in the EU, mandates cyber-awareness training. Fines for data breaches and misuse of personal data are significant. Recently, Amazon was hit with an $877 million fine for misusing personal data. Well-known companies like British Airways and Marriott were fined tens of millions of dollars for data breaches directly related to phishing attacks that could possibly have been avoided with proper cyber-awareness training.
The GDPR imposes severe fines that can reach the greater of 20M euro or 4% of an organization’s worldwide revenues.
The EU GDPR is not alone. Most modern countries have regulations in place or are in the process of enacting them. These include various states in the United States, with California at the forefront of data protection regulation. Israel has strict data privacy regulations in place and continues to refine them based on regulations abroad.
The stiff fines that organizations are exposed to for data breaches cover only the regulator’s interest in the way data is handled. Organizations still have additional and substantial exposure to financial damage arising from lost business, lost customers and lawsuits.
With a typical medium-sized enterprise expected to incur losses of $4M a year from mobile phishing attacks alone, the stakes in having robust cybersecurity are extremely high. Additional indirect costs make the stakes even higher:
The effectiveness of traditional instructor-led (frontal) training for employees has been questioned because of major drawbacks:
Because of these drawbacks, training is either not conducted at all (54% of organizations) or conducted so infrequently that its effectiveness diminishes as time goes by. Contrast this with Celestya’s Human SIEM module, which continuously pushes training content based on each user’s actual network behavior.
From an educational standpoint, effective teaching and learning occur when all major learning processes are stimulated:
Furthermore, information needs to be refreshed continuously through these four learning centers in order for it to be retained and then expressed as human behavior. Traditional frontal training usually does not cover all four learning centers, and the information conveyed is not retained over time. The employee is not measured and does not develop an individual sense of personal responsibility. Therefore, a computerized cyber-awareness training system is an excellent way to fully realize the huge potential savings (over 70%) in cyber-attack costs through improved human behavior, provided it successfully addresses the following points: