Security Awareness Metrics

Effective security awareness programs are corporate initiatives that yield results in the form of reduced cyber risk. Our customers realize a measurable decrease in ransomware, email fraud, malware and social engineering incidents. These results are attributed to the program through meaningful security awareness metrics.

Security awareness program results are measured through “phish prone” percentage, security awareness training completion, newsletter article engagement and other relevant metrics. Our monthly reports provide trending analysis and can be configured to break security awareness metrics down by location, department or division. Below are examples of report metrics.

Security Awareness Training Completion

eSecurity Awareness provides training completion status in its monthly report. We also provide a list of employees who are in the process of completing training and those who have not yet begun the training assignment. This information is used to ensure full participation in security awareness training.

Security Awareness Training Status

Phish Prone Rate

Phish Prone Trending

A common security awareness metric is the "phish prone" percentage. The phish prone percentage compares the number of links clicked with the number of emails sent or opened. It is valuable in measuring the effectiveness of a security awareness program. As employees click links, they can be scheduled for security awareness refresher courses.

Newsletter Article Engagement

The purpose of an educational newsletter is to reinforce core principles. Therefore, articles must be interesting enough to ensure that employees remain engaged. eSecurity Awareness sends a monthly security awareness newsletter digest which includes a summary for each article. When an end-user clicks a link to read more, it is tracked to help determine which articles are most effective.

Newsletter Article Engagement - Security Awareness Metric

Simulated Exploitation Metrics

Simulated Exploitation

Employees can be tested with simulated exploitation techniques that use USB drives dropped near company facilities or scripts embedded in pages linked in phishing emails. eSecurity Awareness records when an employee fails a simulated exploitation exercise and includes the metrics in monthly reports.


There is no better time to start than right now. Hackers are continuously working to get past business defenses. The first and most critical step is to educate employees, followed by reinforcement, testing and measurement. Effective security awareness is a continuous process rather than a once-per-year event. We do the heavy lifting for you, providing time-tested methodologies coupled with unparalleled expertise.