the total economic impact™ of inspired elearning’s ...€¦ · costs. the organization...
TRANSCRIPT
A Forrester Total Economic Impact™
Study Commissioned By Inspired
eLearning
June 2019
The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Cost Savings And Business Benefits Enabled By Inspired eLearning’s Security First Solutions
Table Of Contents Executive Summary 1
Key Findings 1
TEI Framework And Methodology 3
The Inspired eLearning Security First Solutions Customer Journey 4
Interviewed Customers 4
The Composite Organization 4
Key Business Goals And Objectives 5
Key Results 5
Analysis Of Benefits 6
License And Implementation Savings Compared To Previous Security Awareness Training Environment 6
Employee Time Savings With Inspired eLearning 7
Forrester: The Impact Of A Breach And Value Of Inspired eLearning Security First Solutions 9
Unquantified Benefits 10
Flexibility 11
Analysis Of Costs 12
Labor To Implement And Manage Inspired eLearning 12
Inspired eLearning Security First Solution Fees 13
Financial Summary 15
Inspired eLearning Security First Solutions Overview 16
Appendix A: Total Economic Impact 17
Project Director:
Bob Cormier
Vice President and Principal Consultant
1 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Executive Summary
Inspired eLearning’s Security First Solutions are a multilingual, packaged
security awareness program that delivers assessments, security
awareness training, and phishing simulations through integrated learning
paths. These software-as-a-service (SaaS) solutions are designed to
enhance an organization’s security posture and drive behavioral change.
Included is a curated learning path to deliver monthly security awareness
education to each employee. You can read more in the Inspired eLearning
Security First Solutions Overview section of this study.
Inspired eLearning commissioned Forrester Consulting to conduct a Total
Economic Impact™ (TEI) study and objectively examine the potential ROI
that organizations may realize by deploying its Security First Solutions.
The purpose of this study is to provide readers and prospects with a
framework to evaluate the potential financial impact of Inspired eLearning
Security First Solutions on their organizations.
To better understand the benefits, costs, and risks associated with this
investment, Forrester conducted in-depth interviews with four customers,
averaging about two years of experience using various components of
Inspired eLearning security awareness solutions. As Forrester does for all
its TEI studies, we used data from the four interviews and created a
composite Organization to illustrate the quantifiable benefits and costs of
investing in Inspired eLearning’s Security First Solutions. The composite
Organization is in the B2C and B2B products and services business. It
does business globally, and its employees have taken part in Inspired
eLearning’s Security First Solutions for the last three years. For more
information, see The Composite Organization section.
Forrester note: Even the most sophisticated technologies and well-crafted
policies can be rendered useless when employees simply decide to — or
unknowingly — break the rules. Because of this, and because many
cybersecurity attacks are personally tailored to mimic daily, routine
actions, it’s more difficult than ever to protect your workforce against
today’s threats. Security awareness and training solutions can help.
Key Findings
Quantified benefits. The composite Organization experienced the
following risk-adjusted present-value (PV) quantified benefits, totaling
$116,986 over a three-year period (see the Analysis Of Benefits section for
more details).
› License and implementation savings compared to previous
environment security awareness training environment — $50,420.
› Employee time savings with Inspired eLearning Security First
Solutions — $44,744.
› Cost avoidance benefits of PhishProof simulation tool — $21,822.
In addition to the quantified benefits listed above, the interviewed
customers discussed several qualitative features or benefits from using
Inspired eLearning Security First Solutions (see the Unquantified Benefits
section for more details).
Costs. The Organization experienced the following PV costs totaling
$21,594 (see the Analysis Of Costs section for more details):
Selected Key Metrics License and implementation savings compared to previous security training solutions: $50,420
Employee time savings with Inspired eLearning: $44,744
Cost avoidance benefits of PhishProof simulation tool: $21,822
Total quantified benefits:
$116,986 (risk- and PV-adjusted)
2 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
› Labor to implement and manage Inspired eLearning Security
Awareness Training — $4,412 (risk- and PV-adjusted).
› Inspired eLearning Security First Solution fees — $17,182 (PV-
adjusted).
Forrester’s interviews and subsequent financial analysis found that the
Organization experienced benefits of $116,986 over three years versus
costs of $21,594, adding up to a net present value (NPV) of $95,392, with
a payback period of less than six months and an ROI of 442%.
If risk-adjusted costs, benefits, and ROI still demonstrate a compelling
business case, it raises confidence that the investment is likely to succeed
because the risks that threaten the project have been taken into
consideration and quantified. The risk-adjusted numbers should be taken
as realistic expectations, as they represent the expected value considering
risk. Assuming normal success at mitigating risk, the risk-adjusted
numbers should more closely reflect the expected outcome of
the investment.
$50.4K
$44.7K
$21.8K
License andimplementation
savings comparedto the previous
security awarenesstraining environment
Employee timesavings with
Inspired eLearningSecurity First
Solutions
Cost avoidancebenefits ofPhishProof
simulation tool
Benefits (Three-Year)
ROI 442%
Benefits PV $116,986
NPV $95,392
Payback less than six months
3 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
TEI Framework And Methodology
From the information provided in the interview, Forrester has constructed a
Total Economic Impact™ (TEI) framework for those organizations
considering investing in Inspired eLearning’s Security First Solutions.
The objective of the framework is to identify the cost, benefit, flexibility, and
risk factors that affect the investment decision. Forrester took a multistep
approach to evaluate the impact that Inspired eLearning’s Security First
Solutions can have on an organization:
DUE DILIGENCE Interviewed Inspired eLearning’s Security First Solutions stakeholders and Forrester subject matter experts to gather data relative to Security First Solutions.
CUSTOMER INTERVIEWS Interviewed four customers using Inspired eLearning security awareness training solutions to obtain data with respect to costs, benefits, and risks.
FINANCIAL MODEL FRAMEWORK Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewed organizations.
CASE STUDY Employed four fundamental elements of TEI in modeling the impact of Inspired eLearning’s Security First Solutions: benefits, costs, flexibility, and risks. Given the increasing sophistication that enterprises have regarding ROI analyses related to IT investments, Forrester’s TEI methodology serves to provide a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
The TEI methodology
helps companies
demonstrate, justify,
and realize the
tangible value of IT
initiatives to both
senior management
and other key
business
stakeholders.
DISCLOSURES
Readers should be aware of the following:
This study is commissioned by Inspired eLearning and delivered by Forrester
Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other
organizations will receive. Forrester strongly advises that readers use their own
estimates within the framework provided in the report to determine the
appropriateness of an investment in Inspired eLearning’s Security First
Solutions.
Inspired eLearning reviewed and provided feedback to Forrester, but Forrester
maintains editorial control over the study and its findings and does not accept
changes to the study that contradict Forrester’s findings or obscure the
meaning of the study.
Inspired eLearning provided the customer names for the interviews but did not
participate in the interviews.
4 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
The Inspired eLearning Security First
Solutions Customer Journey
BEFORE AND AFTER THE INSPIRED ELEARNING SECURITY FIRST
SOLUTIONS TRAINING INVESTMENT
Interviewed Customers
For this study, Forrester conducted interviews with the four Inspired
eLearning customers described below, each requesting anonymity:
When asked to confirm Inspired eLearning’s quoted value proposition,
each customer agreed with the following: “Inspired eLearning’s security
awareness and compliance training solutions effect meaningful,
sustainable changes in my workforce. Employees are empowered to be
proactive against potential threats and regulatory violations, which leads
to positive and measurable changes to the organizational culture.”
The Composite Organization
As Forrester does for all its TEI studies, we used data from the four
customer interviews and created a composite Organization to illustrate
the quantifiable benefits and costs of investing in Inspired eLearning’s
Security First Solutions. The composite Organization is in the B2C and
B2B products and services business. It does business globally and has
between 500 and 605 employees who have taken part in Inspired
eLearning’s Security First Solutions training for the last three years. The
Organization invested in the Inspired eLearning’s Preferred SaaS
solution described as follows:
Preferred — an enterprise-quality solution designed to enhance the
Organization’s security posture by highlighting educational activities to
drive retention and behavioral change. The Organization chose a
security awareness foundational approach of up to 10 modules focused
on its most pressing security needs. It’s paired with a phishing simulation
program and knowledge assessment milestones within a turnkey
solution. Inspired eLearning’s solutions reduce the potential of human-
related breaches and reduce the operational complexity of running a
comprehensive security awareness program.
INDUSTRY EMPLOYEES TRAINED INTERVIEWEE
MONTHS USING INSPIRED
eLEARNING
Healthcare 300 HR generalist 36 months
Transportation 35 Owner 24 months
Accounting firm 500 Partner in charge of learning and
development 22 months
Technology 30 CEO 6 months
“With 100% of our employees
trained on Inspired eLearning
security awareness modules,
we gain incremental
opportunities to serve
customers within security-
conscious verticals such as
healthcare, financial services,
government and other regulated
industries. These customers
require certain security audit
controls including security
awareness training. If we
discontinued this training, it
could put a significant portion of
our business in jeopardy.”
CEO, technology company
5 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Key Business Goals And Objectives
After extensive review processes evaluating several vendors, each
customer selected Inspired eLearning, as each believed it could satisfy
business goals and objectives in the following categories, also shared by
the Organization:
› To improve their security culture and their focus on cyber- and physical
security.
› To significantly reduce the chance of breach or compromise.
› To avoid lost employee productivity due to security incidents.
› To correct employees’ lack of awareness about security threats and
drive positive security awareness behavior.
› To have a solution that was simple to administer, monitor, and show a
return on investment with. This was because the interviewed
customers’ and the composite Organization’s resources were limited
for launching and managing a training program.
› To meet security compliance guidelines mandated by regulatory
entities and its customers including the Payment Card Industry (PCI),
the Health Insurance Portability and Accountability Act of 1996
(HIPAA), and the General Data Protection Regulation (GDPR).
› To continue to avoid regulatory compliance penalties or fines.
› To be able to measure the impact of training, which had always been a
challenge.
› To improve employee adoption and retention of the information learned
in past training modules.
Key Results
The customer interviews revealed beneficial functionality attributed to
their investments in Inspired eLearning Security First Solutions (specific
financial benefit details are available in the Analysis Of Benefits section),
as listed below:
› License and implementation savings compared to previous
environment security awareness training environments.
› Employee time savings compared to previous environment security
awareness training solutions.
› Cost avoidance benefits of PhishProof simulation tool.
In addition to the benefits listed above, the interviewed customers
discussed several qualitative features or benefits from using Inspired
eLearning Security First Solutions (see the Unquantified Benefits section
for more details).
“Inspired eLearning security
awareness training has really
opened our eyes to various
security threats we hadn’t
considered before. Training our
employees has helped us avoid
and mitigate certain threats that
could have a negative impact
on our revenue and reputation.”
Partner, accounting firm
6 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Analysis Of Benefits
QUANTIFIED BENEFIT AND COST DATA
Note: Atr, Btr and Ctr refer to benefit totals in the tables below.
License And Implementation Savings Compared To Previous Security
Awareness Training Environment
Before its investment in Inspired eLearning, the Organization used a
combination of internally developed training materials and another
eLearning vendor’s materials. The Organization’s IT and HR managers
spent an inordinate amount of time motivating employees to take the
security training. It was a very time-consuming process to confirm that
employees had actually taken the training and if the training was
effective in reducing risk. Employees complained that the previous video
modules were not engaging as they included the same content year after
year. Adoption rates were anemic. Some interviewed customers reported
less than 50% adoption with their previous training solutions.
With Inspired eLearning, interviewed customers reported adoption rates
well over 90%, reducing the risk of a human-related breach.
In addition, each organization’s previous solution cost significantly more
from a software license and a cost-to-implement-and-maintain
perspective.
Modeling and assumptions. Based on customer interviews, the
Organization’s previous eLearning vendor’s on-premises solution license
cost $30,000 annually compared to between $6,400 and $7,563 annually
for Inspired eLearning’s Preferred Security First Solution. This saved the
Organization around $23,000 each year. In addition, the time and effort
to implement and maintain the previous solution was 208 hours initially
and 104 hours annually thereafter. In contrast, the time to implement the
Security First Solution was only 70 hours initially and 30 hours annually
thereafter. The table below calculates the savings compared to the
previous environment.
Risks. Forrester has risk-adjusted the software license and time and
effort savings downward by 25% in the table below due to interviewed
The table above shows the total of all benefits across the areas listed below, as well as present values (PVs) discounted at 10%. Over three years, the Organization expects risk-adjusted total
benefits to be a PV of nearly $117,000.
Total Benefits – The Organization
REF. BENEFIT YEAR 1 YEAR 2 YEAR 3 TOTAL PRESENT
VALUE
Atr
License and implementation savings compared to the previous security awareness training environment
$21,323 $19,916 $19,401 $60,639 $50,420
Btr Employee time savings with Inspired eLearning
$16,406 $18,047 $19,852 $54,305 $44,744
Ctr Cost avoidance benefits of PhishProof simulation tool
$8,775 $8,775 $8,775 $26,325 $21,822
Total benefits (risk-adjusted) $46,504 $46,738 $48,027 $141,269 $116,986
License and implementation savings compared to previous
training environment — 43% of total benefits
43%
three-year benefit PV
$50,420
7 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
customers having a wide range of previous environment costs and
subsequent savings with Inspired eLearning solutions.
This yielded a three-year risk-adjusted PV of $50,420.
Employee Time Savings With Inspired eLearning
Our Organization sought to use security awareness training to prepare
its workforce for recognizing and responding to phishing attacks, and to
rebrand security as a business enabler. The Organization wanted to
instill a security culture as part of its overall security strategy and as a
way to gain advocacy, support, and understanding from employees.
Using Inspired eLearning Security First Solutions, it wanted to engage
and entice employees to learn and care about security in the workplace.
The Organization wanted its initial 500 employees to participate in
security awareness training. According to customer interviews, with the
previous environment, employees spent on average 2.5 hours annually
with security awareness training materials. With Inspired eLearning,
employees spent half the time, or 1.25 hours with training materials.
Modeling and assumptions. The Organization grew its employee
population by 10% annually starting with 500 employees in Year 1, 550
employees in Year 2, and 605 in Year 3. Each of the employees saved
1.25 hours annually with Security First Solutions. At an average cost of
$35 per hour, the Organization saved between $21,875 and $26,469
License And Implementation Savings: Calculation Table
REF.
METRIC CALC./SOURCE YEAR 1 YEAR 2 YEAR 3
A1 Previous vendor’s license fees for security awareness training
Interviews $30,000 $30,000 $30,000
A2 Inspired eLearning Security First Solutions Fees - Preferred
Ft (Costs) $6,400 $6,875 $7,563
A3 Savings over previous vendor’s fees
A1-A2 $23,600 $23,125 $22,438
A4 Previous solution time and effort hours to manage training program
Interviews/hours 208 128 128
A5 Inspired eLearning time and effort hours to manage training program
Y1: E4 (Initial+Y1) Y2/Y3: E4 (Y2/Y3)
70 30 30
A6 Hours saved managing program with Inspired eLearning
A4-A5 138 98 98
A7 Average labor cost per hour Industry average $35 $35 $35
A8 Labor cost savings with Inspired eLearning
A6*A7 $4,830 $3,430 $3,430
At
License and implementation savings compared to the previous security awareness training environment
A3+A8 $28,430 $26,555 $25,868
Risk adjustment ↓25%
Atr
License and implementation savings compared to the previous security awareness training environment (risk-adjusted)
$21,323 $19,916 $19,401
Employee time savings with Inspired eLearning —
38% of total benefits
38%
three-year benefit PV
$44,744
8 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
annually (not yet risk- or PV-adjusted). See the table below for savings
details.
Risks. To be conservative, Forrester has risk-adjusted (reduced) savings
below by 25% to reflect interviewed customers’ variations on the training
time spent in their pre-Inspired eLearning environments and the average
labor cost per hour.
This yielded a three-year risk-adjusted total PV of $44,744.
Cost Avoidance Benefits Of PhishProof Simulation Tool Interviewed customers that were using Inspired eLearning’s PhishProof
simulation tool were able to test, train, measure, and improve their
phishing preparedness. On average, interviewed customers sending
periodic simulated phishing attempts to their employees decreased their
phishing susceptibility rate significantly. Prior to investing in Inspired
eLearning, the Organization experienced 40 phishing-related data
breaches each year, requiring PC remediation. With periodic phishing
simulation testing, the Organization eliminated 75% of data breaches
related to phishing — an improvement that allowed the Organization to
avoid both the $250 cost to remediate each infected PC and also PC
users’ lost productivity while machines were being repaired.
Modeling and assumptions. The Organization avoided the cost of
repairing 30 PCs per year at an average remediation cost of $250 per
machine. In addition, the PC users previously lost an average of 4 hours
of productivity during each repair at a rate of $45 per hour. The
Organization avoided these costs, totaling $11,700 annually (not yet risk-
and PV-adjusted).
Risks. To be conservative, the savings below have been risk-adjusted
(reduced) by 25% to reflect interviewed customers’ variations on the time
spent remediating infected PCs, lost user productivity, and the average
Impact risk is the risk that the business or technology needs of the organization may not be met by the investment, resulting in lower overall total benefits. The greater the uncertainty, the wider the potential range of outcomes for benefit estimates.
Employee Time Savings With Inspired eLearning: Calculation Table
REF. METRIC CALC./SOURCE YEAR 1 YEAR 2 YEAR 3
B1 Number of employees taking training Organization 500 550 605
B2 Previous solution time and effort hours to take training
Hours 2.50 2.50 2.50
B3 Inspired eLearning time and effort hours to take training
Hours 1.25 1.25 1.25
B4 Hours saved managing program with Inspired eLearning
B2-B3 1.25 1.25 1.25
B5 Average labor cost per hour Interviews $35 $35 $35
Bt Employee time savings with Inspired eLearning
B1*B4*B5 $21,875 $24,063 $26,469
Risk adjustment ↓25%
Btr Employee time savings with Inspired eLearning (risk-adjusted)
$16,406 $18,047 $19,852
Cost avoidance benefits of PhishProof simulation
tool — 19% of total benefits
19%
three-year benefit PV
$21,822
9 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
labor cost per hour.
This yielded a three-year risk-adjusted total PV of $21,822.
Forrester: The Impact Of A Breach And Value Of Inspired eLearning Security
First Solutions
Of the four customers interviewed, only one had experienced a breach
before investing in Inspired eLearning Security First Solutions. And no
interviewed customer had experienced a breach after (or during) training
its employees using Security First Solutions. Each customer reported
sleeping better at night knowing employees had been trained on security
awareness.
Using Forrester’s internal research, we can describe the potential cost
categories of a breach.
How much would a breach cost an organization? It depends — on
actions taken prior to the breach, the circumstances of the breach itself,
and IT’s response to the breach. And not all costs are direct, immediately
incurred costs. Employee data breaches may affect morale, attrition, and
future hiring of skilled talent. Breaches of intellectual property data may
directly affect both reputation and the bottom line over several years.
There are numerous factors that contribute to costs of a breach; here’s a
sample list:
› Type of data that was compromised.
› If personal data, number of records and individuals affected.
› Cause of the breach.
› Nature and timing of public disclosure.
› Whether or not the data was encrypted.
Cost Avoidance Benefits Of PhishProof Simulation Tool: Calculation Table
REF. METRIC CALC./SOURCE YEAR 1 YEAR 2 YEAR 3
C1 Before Inspired eLearning: Number of phishing-related infected PCs
Average per year 40 40 40
C2 After Inspired eLearning training: Number of phishing-related infected PCs
Average per year 10 10 10
C3 Reduced number of infected PCs with Inspired eLearning
C1-C2 30 30 30
C4 Cost to remediate each infected PC Average $250 $250 $250
C5 Total PC remediation costs C3*C4 $7,500 $7,500 $7,500
C6 Employee downtime avoided ($45 per hour) 4 hours*
$35/hour*C3 $4,200 $4,200 $4,200
Ct Cost avoidance benefits of PhishProof simulation tool
C5+C6 $11,700 $11,700 $11,700
Risk adjustment ↓25%
Ctr Cost avoidance benefits of PhishProof simulation tool (risk-adjusted)
$8,775 $8,775 $8,775
10 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
› Cyberinsurance.
› A tested incident response plan.
› Customer-facing breach response.
While breach costs can vary widely, there are certain categories of
common costs. Readers should consider both direct and indirect costs:
› Response and notification. This includes incident response costs
and the operational and service costs for external communications,
such as notifying affected individuals or customers as well as the
government or regulatory bodies that are required by law.
› Lost employee productivity and turnover. Employees are often
distracted from their day-to-day duties during a data breach. There
may also be downtime as a result of IT taking users or systems offline
to curtail the threat.
› Lawsuits and settlements. External counsel with expertise in privacy
and breach response can guide a response and help meet legal
obligations.
› Regulatory compliance. Organizations must stay current with the
dynamic landscape of regulatory requirements. With the GDPR and
upcoming privacy regulations coming in force, organizations will be
required to provide all personal data to an individual upon request.
This will likely cause operational costs to skyrocket, in addition to the
fines organizations would face in the case of a breach.
› Brand recovery. Rebuilding trust varies depending on your business
and industry. The length of the downturn can also vary depending on
the quality of breach response.
› Additional security and audit requirements. This includes the cost
of fixing infrastructure and onboarding new technology and equipment
to remediate the initial cause of breach. It also includes any mandated
security and audit requirements resulting from a legal or regulatory
settlement.
Unquantified Benefits
In addition to the quantified benefits listed above, the interviewed
customers discussed several qualitative features or benefits from using
Inspired eLearning Security First Solutions, including:
› Cybersecurity Quotient (CyQ). Inspired eLearning’s assessment
engine which measures organization’s program effectiveness. CyQ™
is comprised of pre-set questions and is best taken at the beginning of
training to establish a security education baseline. At the conclusion
of training, a post training CyQ assessment is administered and shows
the delta on your users’ cumulative security awareness improvement.
› Security Administrator Dashboard. Inspired eLearning’s single pane
of glass for security administrators. This dashboard allows
administrators to quickly see the most important aspects of their
security awareness program, such as upcoming training, phishing
susceptibly score, and multiple levels of organizational progress
through the program.
11 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Flexibility, as defined by TEI, represents an investment in additional capacity or capability that could be turned into business benefit for a future additional investment. This provides an organization with the "right" or the ability to engage in future initiatives but not the obligation to do so.
› Off-the-shelf translations. Security First Solutions come
prepackaged with multiple off-the-shelf text translations and English
voiceovers. Additional voiceovers are included in select packages or
are available for purchase shall the need arise.
› Mobile App (available in Preferred and Elite). Inspired eLearning
offers Android and iOS applications that allow team members
throughout organizations to access security training content on the go
using the world’s most popular mobile devices.
Flexibility
The value of flexibility is clearly unique to each customer, and the
measure of its value varies from organization to organization. There are
scenarios in which a customer might choose to implement Inspired
eLearning’s Security First Solutions and later realize additional uses and
business opportunities, as follows:
› Incremental business opportunities. With 100% of the
Organization’s employees trained on Inspired eLearning security
awareness modules, it can take advantage of opportunities to serve
security-conscious customers within verticals such as healthcare,
financial services, government, and other regulated industries. These
customers may require certain security audit controls including security
awareness training.
› Regular PhishProof simulations. Routinely running phishing
simulations on employees prepares them to be your first line of
defense and is a key part of any effective security awareness program.
To reduce the likelihood of a breach, the Organization will continue to
use Inspired eLearning’s PhishProof simulation tool and will create the
following campaigns over the three years:
• Email phishing.
• Voice phishing (vishing).
• Text message phishing (smishing).
• USB phishing (USB baiting).
Phishing is a technique used by cybercriminals to acquire personal
information (such as credit card numbers or login credentials) by sending
an email that is designed to look just like it came from a legitimate source
but is intended to trick users into clicking on a malicious link or
downloading an attachment potentially laced with malware.
According to Inspired eLearning, with PhishProof, organizations of any
size can test, train, measure, and improve their phishing preparedness
all under one unified experience. Inspired eLearning’s research revealed
organizations that send simulated phishing attempts to their employees
once a month show a 27% decrease in clicks.
The concept of flexibility is further described in Appendix A.
12 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Analysis Of Costs
Labor To Implement And Manage Inspired
eLearning
Based on the interviewed customers’ experiences, the internal labor
for the Organization associated with the initial planning and
deployment of Inspired eLearning Security First Solutions included one
human resources staff and one learning and development staff
spending 40 hours (initial year) preparing the environment to train 500
users.
On an ongoing annual basis, the staff mentioned above spent a total of
20 hours managing the training and retraining of new and existing users.
They spent another 10 hours annually managing the vendor relationship
with Inspired eLearning.
Modeling and assumptions. The table below includes hourly labor
costs associated with the two staff listed above.
Risks. Forrester risk-adjusted costs upward by 10% to reflect the
variability of each interviewed customer’s implementation and ongoing
management requirements.
The Organization’s total labor costs to implement and manage Inspired
eLearning Security First Solutions yielded a risk-adjusted total PV of
$4,412.
The table above shows the total of all costs across the areas listed below, as well as present values (PVs) discounted at 10%. Over three years, the organization expects total risk-adjusted costs to be a PV of $21,594.
Implementation risk is the risk that a proposed investment may deviate from the original or expected requirements, resulting in higher costs than anticipated. The greater the uncertainty, the wider the potential range of outcomes for cost estimates.
Total Costs
REF. BENEFIT INITIAL YEAR 1 YEAR 2 YEAR 3 TOTAL PRESENT
VALUE
Etr Labor to implement and manage Inspired eLearning
$1,540 $1,155 $1,155 $1,155 $5,005 $4,412
Ftr Inspired eLearning Security First Solutions fees
$0 $6,400 $6,875 $7,563 $20,838 $17,182
Total costs (risk-adjusted) $1,540 $7,555 $8,030 $8,718 $25,843 $21,594
13 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Inspired eLearning Security First Solution Fees
Inspired eLearning provided Forrester with fees associated with a typical
Inspired eLearning customer of similar size to the Organization. The cost
for Inspired eLearning’s Preferred solution is $12.50 per user per year
and includes the following:
› Preferred Security Awareness Essentials. Learn to prevent, detect,
and respond to security threats such as password management and
identity theft. This covers general security awareness: phishing,
malware, physical security, password management, mobile security,
social engineering, social media, data security, cloud security, working
remotely, internet of things (IoT), and incident reporting.
› Eleven security awareness modules. Ensure retention with a series
of courses aimed at reinforcing key cybersecurity measures. Choose
any 11 security awareness modules or follow Inspired eLearning’s
recommended learning path.
› CyQ Cybersecurity Quotient. Inspired eLearning’s assessment
engine which helps organizations measure program effectiveness.
› Twelve PhishProof campaigns. Send phishing simulations either by
using premade templates or by customizing your own. Randomize or
schedule campaigns to target employees at any time of day, or create
vishing, smishing or USB baiting campaigns.
Modeling and assumptions. The table below represents Inspired
eLearning’s fees assessed to the Organization over three years.
Labor To Implement And Manage Inspired eLearning: Calculation Table
REF. COST CALC./SOURCE
INITIAL YEAR 1 YEAR 2 YEAR 3
E1 Preplanning security awareness training implementation
Hours/interviews 40 0 0 0
E2 Ongoing management of Inspired eLearning training and phishing campaigns
Hours/interviews 0 20 20 20
E3
Ongoing management of relationship with Inspired eLearning
Hours/interviews 0 10 10 10
E4 Total hours E1:E3 40 30 30 30
E5 Average labor cost per hour Industry average $35 $35 $35 $35
Et Labor to implement and manage Inspired eLearning
E4*E5 $1,400 $1,050 $1,050 $1,050
Risk adjustment ↑10%
Etr Labor to implement and manage Inspired eLearning (risk-adjusted)
$1,540 $1,155 $1,155 $1,155
14 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Risks. Forrester did not risk-adjust this cost category as it represents a
fixed-price quote from Inspired eLearning. The Organization’s total fees
charged by Inspired eLearning are a PV-adjusted $17,182.
Inspired eLearning Security First Solution Fees: Calculation Table
REF. COST CALC./SOURCE
INITIAL YEAR 1 YEAR 2 YEAR 3
F1 Inspired eLearning Security First Solutions Fees — Preferred
Inspired eLearning/per user
$0 $12.50 $12.50 $12.50
F2 Number of employees/users Organization $0 500 550 605
F3 Security First fees — Preferred F1*F2 $0 $6,250 $6,875 $7,563
F4 Message plan (5,000 vishing/smishing credits)
Inspired eLearning $0 $150 $0 $0
Ft Inspired eLearning Security First Solutions fees
F3+F4 $0 $6,400 $6,875 $7,563
Risk adjustment 0%
Ftr Inspired eLearning Security First Solutions fees (risk-adjusted)
$0 $6,400 $6,875 $7,563
15 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Financial Summary
CONSOLIDATED THREE-YEAR RISK-ADJUSTED METRICS
Cash Flow Chart (Risk-Adjusted)
If risk-adjusted costs, benefits, and ROI still demonstrate a compelling business case, it raises confidence that the
investment is likely to succeed because the risks that threaten the project have been taken into consideration and
quantified. Assuming normal success at mitigating risk, the risk-adjusted numbers should more closely reflect the
expected outcome of the investment.
-$0.0 M
$0.0 M
$0.0 M
$0.1 M
$0.1 M
$0.1 M
$0.1 M
$0.1 M
Initial Year 1 Year 2 Year 3
Cashflows
Total costs
Total benefits
Cumulative net benefits
These risk-adjusted ROI,
NPV, and payback period
values are determined by
applying risk-adjustment
factors to the unadjusted
results in each Benefit and
Cost section.
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the interviewed organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
Cash Flow Table (Risk-Adjusted)
INITIAL YEAR 1 YEAR 2 YEAR 3 TOTAL PRESENT
VALUE
Total costs ($1,540) ($7,555) ($8,030) ($8,718) ($25,843) ($21,594)
Total benefits $0 $46,504 $46,738 $48,027 $141,269 $116,986
Net benefits ($1,540) $38,949 $38,708 $39,310 $115,427 $95,392
ROI 442%
Payback period Under six
months
16 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Inspired eLearning Security First Solutions Overview
The following information is provided by Inspired eLearning. Forrester has not validated any claims and does not
endorse Inspired eLearning Security First Solutions or its offerings.
ABOUT INSPIRED ELEARNING SECURITY FIRST SOLUTIONS
Build A Security First Culture
› Inspired eLearning’s Security First Solutions is a multilingual, packaged security awareness program. It
delivers assessments, security awareness training, and phishing simulations through integrated learning
paths. Powered by automation capabilities, Inspired eLearning has built 15+ years of enterprise cybersecurity
expertise into three new, off-the-shelf solutions to help businesses of any size or experience create a blueprint
for a Security First organization.
Protect Your Organization With PhishProof
› Successful phishing campaigns are the No. 1 cause for data breaches. Routinely running phishing simulations
on your employees helps prepare them to be your first line of defense and is a key part of any effective
security awareness program. Inspired eLearning has developed PhishProof as a sophisticated antiphishing
simulator tool to prepare an organization for all four phishing attack methods — email, phone, text, and USB
baiting.
Anytime, Anywhere Security Awareness Training
› Introducing a mobile app designed specifically for cybersecurity and compliance training. The new Inspired
eLearning Mobile App is an Android and iOS application that allows team members throughout the
organization to access training content on the most common mobile devices. Available at no charge to Inspired
eLearning customers, the Mobile App provides users with the same training courses they’d get at their
desktop, with the added flexibility and convenience that comes with portability. Training includes:
› Security awareness training courses.
› General security awareness.
› Phishing courses.
› Privacy.
› IT security.
› Mobile devices.
› Social media.
› Application security.
17 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions
Appendix A: Total Economic Impact
Total Economic Impact is a methodology developed by Forrester
Research that enhances a company’s technology decision-making
processes and assists vendors in communicating the value proposition
of their products and services to clients. The TEI methodology helps
companies demonstrate, justify, and realize the tangible value of IT
initiatives to both senior management and other key business
stakeholders.
Total Economic Impact Approach
Benefits represent the value delivered to the business by the
product. The TEI methodology places equal weight on the
measure of benefits and the measure of costs, allowing for a
full examination of the effect of the technology on the entire
organization.
Costs consider all expenses necessary to deliver the
proposed value, or benefits, of the product. The cost category
within TEI captures incremental costs over the existing
environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be
obtained for some future additional investment building on top
of the initial investment already made. Having the ability to
capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates
given: 1) the likelihood that estimates will meet original
projections and 2) the likelihood that estimates will be tracked
over time. TEI risk factors are based on “triangular
distribution.”
The initial investment column contains costs incurred at “time 0” or at the
beginning of Year 1 that are not discounted. All other cash flows are discounted
using the discount rate at the end of the year. PV calculations are calculated for
each total cost and benefit estimate. NPV calculations in the summary tables are
the sum of the initial investment and the discounted cash flows in each year.
Sums and present value calculations of the Total Benefits, Total Costs, and
Cash Flow tables may not exactly add up, as some rounding may occur.
PRESENT VALUE (PV)
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
NET PRESENT VALUE (NPV)
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made, unless other projects have higher NPVs.
RETURN ON INVESTMENT (ROI)
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
DISCOUNT RATE
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
PAYBACK PERIOD
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.