Realistic Cybersecurity Simulations Deliver Strongest ROI for Training Programs, Security
60% of companies now include realistic simulations as part of their cybersecurity training programs.
Credit: Getty Images
by D. Howard Kass • May 23, 2023
Realistic cybersecurity simulations are “highly effective” and deliver the strongest return on investment (ROI) when compared to other training methods, according to a new study by Security Innovation, a software security assessment and training provider.
Rise of Cybersecurity Training Simulations
Key findings from the research, which surveyed roughly 1,000 organizations in 17 countries to assess the value of realistic simulations in cybersecurity training, include the following:
- 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020.
- ROI for cybersecurity programs incorporating realistic simulation grew from an average of 30% in 2020 to 40% in 2023.
- 53% of companies include training as part of the onboarding process, with 55% of programs incorporating content tailored to a learner’s specific job role, an increase of 12% over 2020.
- The broad adoption of cybersecurity training practices was shown to substantially improve a company’s Security Effectiveness Score (SES) and strengthen its overall security posture.
- Driven by a remote workforce, in-person and classroom training venues declined by 50%, as programs moved to cloud-based platforms.
- 45% of companies do not allow learners to waive cybersecurity training requirements compared with only 20% in 2020.
- 53% of companies now report results to C-level executives in their organization, up from 31% in 2020.
- On average, organizations spend $3.5 million annually on cybersecurity programs, a 20% increase over 2020, while large enterprises can spend up to $6 million annually.
Touting his company’s training programs, Security Innovation CEO Ed Adams said:
“Our complete coverage for all those that build, operate, and defend software combined with the industry’s only software-focused cyber range are unrivaled in accelerating job-specific security skills development.”
Training Best Practices
Security Innovation also recommends the following for training best practices:
- Training includes realistic simulations
- Content is tailored to a learner’s job role
- Methods are available to measure training program effectiveness
- Results are reported to C-level executives
- Broad adoption