Security awareness training is designed to bolster users’ ability to recognize threats like phishing attempts, unusual requests that purport to be from their company’s CEO, malicious advertising on web pages, and a host of other threats that are designed to trick users into doing something that can wreak havoc within an organization. However, security awareness training can yield a significant return-on- investment and should be seriously considered by every organization as a key element of its security infrastructure. This white paper discusses the results of an in-depth survey of security professionals in mid-sized and large organizations, and demonstrates how good training more than pays for itself.