Question 1

What is the ROI of security awareness training?

Accepted Answer

Proofpoint's 2023 research shows that $1 invested in security awareness training returns approximately $40 in avoided breach costs. Organisations running monthly simulated phishing campaigns see click rates fall from ~30% to under 5% within 12 months, dramatically reducing the probability of a successful attack.

Question 2

How much does security awareness training cost?

Accepted Answer

Security awareness training platforms typically cost $20–$50 per employee per year, depending on features and contract length. Enterprise platforms like KnowBe4, Proofpoint Security Awareness Training, and Cofense include phishing simulation, micro-training, and reporting. Annual CBT-only programmes can cost as little as $5–10 per employee.

Question 3

Does MFA prevent phishing attacks?

Accepted Answer

Standard MFA (SMS, TOTP) does not prevent phishing — attackers use real-time phishing proxies (EvilProxy, Modlishka) that capture and relay OTP codes instantly. Phishing-resistant MFA using FIDO2 hardware keys or passkeys is highly effective, as credentials are domain-bound and cannot be replayed on attacker-controlled sites.

Question 4

What is the most cost-effective phishing prevention measure?

Accepted Answer

For most organisations, monthly simulated phishing training offers the best ROI — typically 20–50x return on investment. Combining training with DMARC email authentication (prevents domain spoofing) and a good email security gateway (blocks most phishing before it reaches users) provides layered defence at relatively low cost.

Phishing Prevention ROI Calculator

Your Organisation

Training Programme

Security Tools (optional)

Industry Benchmarks