Published on July 21, 2019
Dubai, UAE: The most common factors holding back security awareness programmes in companies are the lack of time and staff rather than budget, although nearly 60% of the professionals surveyed say they are not even aware of the budget allocated to security awareness in their companies. These are some of the key findings of the 2019 Security Awareness Report, the fifth edition of a report produced annually by SANS Security Awareness, a division of SANS Institute and a world leader in security training.
The study presented today compares current data with that of previous years and analyses the main problems faced by security awareness professionals in companies: lack of resources, managerial support, and ambiguity in their positions and responsibilities.
The intention of the SANS Security Awareness Report is to provide security awareness professionals with a roadmap to make data-driven decisions on how to improve their security awareness programs. It also provides professionals with the ability to benchmark their programs against their industry peers. Essentially, it works to more definitively answer the question of what ingredients go into making a security awareness program successful. This year, data was analysed from nearly 1600 respondents providing even greater insight into how to benchmark and mature a security awareness programme.
“I’m absolutely thrilled about the release of the 2019 Security Awareness report,” says SANS Security Awareness Director, Lance Spitzner. “Every year we are able to gain a better understanding of the most common challenges awareness professionals face and how to best address them, and after five years, we are beginning to identify key trends.”
Working with researchers from The Kogod Cybersecurity Governance Center (KCGC), an initiative of American University’s Kogod School of Business (KSB), the survey data was examined in detail to provide information on:
This report highlights these growing concerns and challenges for security awareness. It also uses the SANS Security Awareness Maturity Model as a guide to identify the level of impact of an organization’s program and how to measure human risk and change end-user behavior. This model, which has been revamped in this year’s report, lets organizations easily identify where their security awareness program currently stands and where a qualified leader can take it, and it outlines the path to get them to where they want to be.