Building a business case for your security awareness program is always a challenge. Budgets are tight and it can be difficult quantifying the human risk. You need every weapon possible, and this is why we have a Security Awareness Business Justification section on our free resources page. Checkpoint just published a social engineering survey that may be able to help you also. They surveyed 850 IT administrators about social engineering attacks and defenses in their organization. The survey results are simple to read and there may be some interesting statistics that can help support your program. For example
- 48% of all participants cite an average per incident cost of over $25,000
- 30% of large companies cite a per incident cost of over $100,000
- 48% of large companies and 32% of companies of all sizes have experienced 25 or more social engineering attacks in the past two years
- New employees (60%), contractors (44%), and executive assistants (38%) are cited to be at high risk for social engineering techniques.