It sure is a good time to be in the phishing awareness training business, especially if you’re looking for investors to invest in your company. A couple of multimillion dollar deals were announced just last week.
First, “start-up security awareness firm CybeReady has expanded into the U.S. market with an initial funding round of $5 million led by Baseline Ventures,” according to an article on Security Week website.
Not to be outdone, awareness training company KnowBe4 raised $300 million last week from private equity company KKR. According to a different article on Security Week website, “The company has raised $388 million in funding to date, with the latest round valuing the company at $1 billion.”
None of this should come as a surprise. According to Cybersecurity Ventures, “the market for security awareness training will reach $10 billion annually by 2027, up from roughly $1 billion in 2014.” Where there’s a growing marketing, there’s going to be growing investment.
Of course each of the 32 awareness training companies identified by Cybersecurity Ventures claims that their training is the best. The latest claim is that the secret to effective delivery is continuous training.
For example, CybeReady claims their approach is different than other products because theirs is continuous and individually tailored. “CybeReady is the only solution,” says CEO Shlomi Gian, “that guarantees behavioral change by leveraging data science and machine learning to train the entire workforce on a monthly basis throughout the year.”
All of this sounds great, except for two things.
First, no matter how frequently you train employees, effectiveness never reaches 100%. The same training companies receiving the investments admit to it. KnowBe4 says Phishing Emails Will Always Get Through. Their own research shows that with a full 365 days of training, 2.17% of employees will still get successfully phished. That means in a mid-size company of 400 employees, eight will still click on malicious links in phishing emails after a year of training.
Second, the number of clicks it takes to infect an entire company is ONE.
There’s nothing wrong with phishing awareness training, although I doubt it’s the best use of funds earmarked for security. The best investment in this area is in cloud-based email security with real-time scanning, because it prevents phishing emails from reaching your inbox. And keeping a malicious email out of the inbox is 100% effective in keeping employees from getting phished.
When you’re ready to keep your employees from clicking on 100% of the emails that never reach their inbox, head on over to Phish Protection. You’ll be up and running in 10 minutes. Try it free for 30 days.