Studies from Stanford University show that about 88% of all successful cyber attacks and data leaks are due to human error, and about 43% of working-age people admit to having made mistakes that compromised their company's cybersecurity. To reduce the number of such mistakes, companies are increasingly looking to train their staff on potential cyber risks.
At a large German automotive supplier, participation in cybersecurity training was very low despite a basic awareness offering for its 10,000+ employees. Regular phishing attacks posed challenges. CyberCompare was tasked with increasing the participation rate in awareness training by finding a suitable provider. We began by identifying the company-specific requirements using a questionnaire we developed. For example, the company had a wide variety of functional groups and a very heterogeneous workforce. We then selected three suitable providers based on seven criteria. In addition to the providers' content structure, price-performance ratio and test evaluation quality, we focused especially on the ease of integration into existing systems and applications. We then issued an anonymous RFQ to potentially suitable service providers. Subsequently, we organized provider presentations for the customer. CyberCompare supported the customer in selecting a suitable offer.
Participation in awareness measures was significantly increased through attractive offers. In particular, the group-specific training courses increased acceptance of the measures and promoted awareness among specialists in the company. Phishing tests were used to check whether the skills learned were being applied in practice. The click rate on potentially dangerous emails was reduced from 50% to 10% after only a short time.