Content, Content

Realistic Cybersecurity Simulations Deliver Strongest ROI for Training Programs, Security Innovation Finds

Credit: Getty Images

Realistic cybersecurity simulations are “highly effective” and deliver the strongest return on investment (ROI) when compared to other training methods, according to a new study by Security Innovation, a software security assessment and training provider.

Rise of Cybersecurity Training Simulations

Key findings from the research, which surveyed roughly 1,000 organizations in 17 countries to assess the value of realistic simulations in cybersecurity training, include the following:

  • 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020.
  • ROI for cybersecurity programs incorporating realistic simulation grew from an average of 30% in 2020 to 40% in 2023.
  • 53% of companies include training as part of the onboarding process, with 55% of programs incorporating content tailored to a learner’s specific job role, an increase of 12% over 2020.
  • The broad adoption of cybersecurity training practices was shown to substantially improve a company’s Security Effectiveness Score (SES) and strengthen its overall security posture.
  • Driven by a remote workforce, in-person and classroom training venues declined by 50%, as programs moved to cloud-based platforms.
  • 45% of companies do not allow learners to waive cybersecurity training requirements compared with only 20% in 2020.
  • 53% of companies now report results to C-level executives in their organization, up from 31% in 2020.
  • On average, organizations spend $3.5 million annually on cybersecurity programs, a 20% increase over 2020, while large enterprises can spend up to $6 million annually.

Touting his company’s training programs, Security Innovation CEO Ed Adams said:

“Our complete coverage for all those that build, operate, and defend software combined with the industry’s only software-focused cyber range are unrivaled in accelerating job-specific security skills development.”

Training Best Practices

Security Innovation also recommends the following for training best practices:

  • Training includes realistic simulations
  • Content is tailored to a learner’s job role
  • Methods are available to measure training program effectiveness
  • Results are reported to C-level executives
  • Broad adoption
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.