Please fill in the form below to subscribe to our blog

3 Times Security Awareness Training Would Have Saved the Day

March 31, 2022

Real-World Examples of Cybersecurity Nightmares That Could Have Been Avoided


Security and compliance awareness training transforms a company’s greatest security risk — its people — into its greatest defensive asset. When companies empower their employees through security awareness training, they gain a host of unbeatable benefits like reduced security costs, increased compliance and a big edge against cyberattacks. These scenarios offer concrete examples of the cyber dangers that organizations are facing today and the consequences of failing to prepare employees to handle them.  

Excerpted in part from the NEW eBook The Business Case for Security Awareness Training. DOWNLOAD IT>> 


Use this eBook to show budget controllers in dollars and cents why security & compliance training is a smart investment. GET IT>>


Scenario 1: A Ransomware Nightmare 


A ransomware attack takes place every 11 seconds, and no business is safe from this menace. The most likely tool cybercriminals use to launch ransomware attacks is phishing email — and if employees aren’t aware of what to be on the lookout for, it could spell disaster. 

Here’s how an incident like this might unfold: 

An employee checks the messages in their email inbox. They open a message that tells them that they need to fill out some important human resources paperwork right away. Conveniently, the form they need to complete is attached to the email. The employee quickly opens the attachment to take care of it. However, they don’t just download a form — they also download ransomware. About 50% of ransomware attacks target businesses with fewer than 100 employees. 

What might happen if an employee action at my company causes this security failure? 

The cybercriminals perpetrating this attack might use ransomware to do any number of devastating things: 

  • Encrypt the victim company’s data, computers, machines, production line or other business systems, paralyzing their operations. 
  • Steal data, records, employee information, patient files, formulas, blueprints, financial data, customer lists or other proprietary data. 
  • Threaten to damage the victim company by publicizing the attack or releasing information in the stolen data that could cause the victim embarrassment or harm. 
  • Demand payment to provide remedies for these problems — and the average ransom demand is $570,000. 

Possible Outcomes 

Nothing good awaits a business that fails to defend against a ransomware attack.

Possibility: The attacked organization agrees to pay the ransom in a misguided attempt to resume normal business quickly.

The victim company will most likely experience downtime, potentially losing revenue and business opportunities. Companies impacted by ransomware lose an average of six working days

  • An estimated 70% of the damaged company’s employee productivity is lost while the incident is being remediated.  

Regulators pounce because the victim has violated data protection rules, slapping the victim with big penalties that increase data breach cost an average $2.3 million

The company that was successfully attacked experiences reputation damage through bad publicity.

How does security awareness training help? 

Trained employees are alert to the danger presented by unexpected messages, even when they’re official sounding. They’re also armed with the skills that they need to take the right actions when faced with a suspicious message, like checking for common red flags that indicate phishing. The knowledge that employees gain from security awareness training improves phishing awareness by an estimated 40%.   


Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>


Scenario 2: A BEC Disaster 


While ransomware may be the cyberattack that gets all the attention, business email compromise (BEC) is the cyberattack that can do the most damage to businesses. BEC is the costliest cybercrime, with an adjusted loss of approximately $1.8 billion in 2021. BEC typically starts with a phishing message and ends with cybercriminals getting cash or credentials from the victim.

Here’s how a BEC incident might unfold for a business: 

An employee at Company A receives an email that appears to be from their contact at Company B — a service provider for Company A. The email tells the user that they need to pay a legitimate outstanding invoice and warns that their service may be disrupted if they don’t pay it immediately. Company A usually pays Company B via wire transfer. The message advises Company A that Company B’s banking information has changed, and Company A should send payment to this new account. Company A complies, sending a large sum of money to the new account. However, there is no new account for Company B, and Company A has been scammed

What might happen if an employee action at my company causes this security failure? 

Any or all of the following could happen, and all of these consequences are unpleasant. 

If you work at Company A: 

  • Your company sends almost always unrecoverable money to cybercriminals via wire transfer, gift card or electronic payment. 

If you work at Company B: 

  • An employee gives up their password, enabling cybercriminals to log in to your systems. 
  • Bad actors obtain a privileged password that allows them to access sensitive systems or data. 
  • Cybercriminals take over accounts that enable them to pose as your company to commit other cybercrimes. 

Possible Outcomes 

Both companies incur big expenses and bigtime trouble.

Company A  

  • An employee transfers large sums of money to the cybercriminals. The median cost of a BEC loss is $764,000

Company B 

How does security awareness training help? 

If you’re Company A, training helps by making employees more vigilant. A security-savvy employee would smell a rat in this scenario. They’d know the best practice here would be to contact Company B via other means (like a phone call) to verify the legitimacy of the request and notify their supervisor or IT team of the issue. 

If you’re Company B, training helps by teaching employees to be wary of anyone asking for their login credentials. Security awareness training empowers employees with the knowledge that they need to avoid cybercriminal traps like that that can lead to a BEC incident. That’s one reason why security-related risks are reduced by 70% when businesses invest in cybersecurity awareness training. 

By preventing an employee from getting fooled, Company B also avoids an expensive, stressful incident investigation and cleanup. Even a modest investment in security awareness and training has a 72% chance of significantly reducing the business impact of a cyberattack. 


Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>


Scenario 3: A Human Error Calamity 


Employees are human, and human beings make mistakes. While those mistakes are sometimes just unfortunate problems, more often than not employees make bad choices when it comes to security because they just don’t know any better — like entering their password on a phishing site or falling for social engineering tricks. Employee mistakes, whether they’re caused by carelessness or simple ignorance, create over 60% of security incidents.  

Here’s how an employee mistake incident like this might unfold for a business: 

An employee receives an email telling them that they need to change their password for Office 365. The email contains a link to help them do it. The unsuspecting employee clicks on the link, which goes to a web page that looks legitimate to them — it has Microsoft’s logo and everything. The employee then enters their password and chooses a new one. However, the email prompting the password change as well as the web page are fake, and the employee just gave their login credentials to cybercriminals. 

What might happen if an employee action at my company causes this security failure? 

Any or all of the following security nightmares could unfold: 

Possible Outcomes 

One employee mistake can kick off a chain of events that ends in a disaster. 

  • Bad actors use stolen login credentials to deploy ransomware or otherwise harm the victim company. Almost 30% of untrained users in a social engineering study fell for phishing lures that enticed them to click on malicious links, download suspicious files and email attachments, enter their credentials at a fake site and even correspond with cybercriminals. 
  • Cybercriminals are able to steal data from the employee’s company — 95% of data breaches are caused by people making mistakes. 
  • Bad actors access or obtain protected data, resulting in the company incurring a large penalty and the potential loss of a contract. 
  • The victim’s employer must now begin an incident investigation and response. About 60% of organizations say employee-involved security incidents have become more frequent.  

How does security awareness training help? 

  • Security awareness training improves overall password security by as much as 50%. 
  • Security awareness training reduces the costs that companies incur because of phishing like lost productivity and incident response by more than 50%. 

The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>


Security and Compliance Awareness Training is Easy and Affordable


With risks like these around every corner, it’s easy to see why every company needs to make a powerful defense against phishing a top priority to avoid joining the ranks of the 60% of businesses that fold in the wake of a cyberattack. The ID Agent digital risk protection platform answers that call. 

 BullPhish ID – This freshly revamped security awareness training solution is packed with features that make the training process efficient, effective and easy. 

  • Preloaded phishing kits help employees learn to spot and resist the phishing lures or scenarios they face every day.  
  • Video lessons on subjects like ransomware, compliance, password safety, security hygiene and more give every employee a solid grounding in cybersecurity best practices. 
  • We add 4 new videos a month in 7 languages to make sure that your users are trained on the risks and compliance requirements that they’re facing right now! 
  • Automate training delivery, testing and reporting.  

Book a demo of BullPhish ID now!


security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>