Notable data breaches that took place during the first half of 2015 and affected millions, such as Anthem and OPM, have left many CEOs and CISOs scrambling. As a result, security awareness training is taking place more often in organizations' boardrooms – not just lunch rooms.

Stu Sjouwerman, CEO of the Tampa, Fla.-based KnowBe4, explained, “With the average cost of a data breach skyrocketing and costs of ransomware infections running more than $18,000 per victim, relegating security awareness training to an annual lunchtime 'death by PowerPoint' is no longer a viable option.”

He added that many companies have found their backup systems failed after a ransomware infection, pointing to a need for more proactive action.

Data from the FBI's Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe.

IC3 said CryptoWall and its variants have been targeting U.S. victims since April 2014. The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling more than $18 million.

“People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls,” KnowBe4 Chief Hacking Officer Kevin Mitnick said. “Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics.”

Phishing – and its aftermath – is the most serious concern for five out of six security-focused decision makers, according to the Black Diamond, Wash.-based firm Osterman Research. “It is important to invest sufficiently in employee training so that the 'human firewall' can provide the best possible initial line of defense against increasingly sophisticated phishing and other social engineering attacks,” the firm stated.

Risk managers know it is far cheaper to train users than to pay the fines and heavy costs associated with a data breach, which Juniper Networks estimates will account for $2.1 trillion by 2019.

Sjouwerman said the majority of KnowBe4's growth has taken place in the financial sector, an area that is targeted four times as often as other industries. He said companies in the financial sector have taken the initiative to move away from the annual, compliance-focused “break room” training approach to a more effective, behavioral-based approach – they've begun to use Kevin Mitnick Security Awareness Training, which teaches users how to recognize threats with a combination of online, on-demand training and simulated phishing attacks that arrive in their inbox at work.

“Since we are the only company to offer a crypto-ransom guarantee [KnowBe4 covers the ransom in Bitcoin if a customer gets hit with ransomware after training its users], we moved up on the priority list,” Sjouwerman explained.

© 2024 ALM Global, LLC, All Rights Reserved.