News & Events

Press Releases

Ponemon Cybersecurity Training Study Finds Significant Shifts In Cybersecurity Training Over Past Two Years with 24% Higher Use of Simulated Environments

Study finds Realistic Simulation Training Provides an Average ROI of 40%

Wilmington, MA – May 22, 2023Security Innovation, a leader in software security assessment and training today revealed the results of their sponsored study with Ponemon Institute, the 2023 Study on Cybersecurity Training Benchmarks: The Value of Realistic Simulation. This second edition of the report examines cybersecurity training trends for more than 1,000 organizations in 17 countries.

The report revealed a growing embrace of realistic simulations in training programs with respondents ranking this feature as both highly effective and delivering the greatest ROI compared with other cybersecurity training program components.

Key findings of the 2023 Study on Cybersecurity Training Benchmarks

The report found significant positive shifts in training programs since 2020.

  • 24% Increase in Realistic Simulations: 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020. ROI for cybersecurity programs incorporating realistic simulation grew from an average of 30% in 2020 to 40% in 2023.
  • Relevant Content and Broad Adoption: More than half (53%) of companies include training as part of the onboarding process, with 55% of programs incorporating content tailored to a learner’s specific job role, an increase of 12% over 2020. The broad adoption of cybersecurity training practices was shown to substantially improve a company’s Security Effectiveness Score (SES) and strengthen its overall security posture.
  • Training moves to the cloud: Driven by a remote workforce, in-person and classroom training venues declined by 50% as programs move to cloud-based platforms.
  • Accountability: Many companies have implemented accountability measures by making training requirements mandatory – 45% of companies do not allow learners to waive cybersecurity training requirements compared with only 20% in 2020 – while 53% now report results to C-level executives in their organization, up from 31% in 2020.

Take-up rate of 17 training benchmarks

“Companies are investing considerable amounts to address the growing cybersecurity skills gap. As a result, we are seeing broader adoption of training best practices and increased scrutiny around program results, although there is still a long way to go. Realistic simulations and role-based learning are key to program effectiveness and ROI” said Dr. Larry Ponemon, founder of the Ponemon Institute.

“The findings in the Ponemon Report reflect what we’ve experienced with our clients over the last decade, namely the need for engaging training methods that teams actually want and managers can measure,” said Ed Adams, CEO of Security Innovation. “Our complete coverage for all those that build, operate, and defend software combined with the industry’s only software-focused cyber range are unrivaled in accelerating job-specific security skills development.”

Cybersecurity training investment increased by 20%

Cybersecurity training budgets have steadily increased despite the decline in in-person training. On average, organizations spend $3.5 million annually on cybersecurity programs, a 20% increase over 2020 while large enterprises can spend up to $6 million annually.

Best Practices for Effective Training

Ponemon collected seventeen benchmarks from study participants and grouped the benchmarks into three categories: content, measurement and governance and delivery. Of these, the following factors were ranked as having the greatest impact on training program effectiveness and program ROI:

  • Training includes realistic simulations
  • Content is tailored to a learner’s job role
  • Methods are available to measure training program effectiveness
  • Results are reported to C-level executives
  • Broad adoption

Dr. Larry Ponemon, founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy, data protection and information security practices will join Amy Severson, Director of Customer Success at Security Innovation for a discussion on Making Security Skills Stick – Findngs from Ponemon Research on May 23, 2023 at 12 pm EDT. Register for the webinar here. To learn more about the Ponemon Institute’s findings on Cybersecurity Training Benchmarks, download the study or view the infographic from Security Innovation.

About Security Innovation

Security Innovation is a pioneer in software security and literally wrote the book on How to Break Software Security. Since 2002, organizations have relied on our assessment and training solutions to secure software wherever it runs. Our training solutions combine interactive modules, scenario-based labs, and hands-on cyber ranges to build skills that stick. Visit to learn how we can help you launch a best-in-class security program.

About Ponemon Institute

Ponemon Institute was founded in 2002 by Dr. Larry Ponemon. Headquartered in Michigan, Ponemon Institute is considered the pre-eminent research center dedicated to privacy, data protection and information security policy. Our annual consumer studies on privacy trust are widely quoted in the media and our research quantifying the cost of a data breach has become valuable to organizations seeking to understand the business impact of lost or stolen data.

Media Contact:
Jennifer Asaro