Tags:
What’s the single greatest challenge of running a security awareness
program? In November 2015 SANS Securing The Human surveyed 369 security
awareness professionals from around the world and asked them: What is the single biggest challenge you are facing? This
question was part of the larger 2106 Security Awareness Report that
measures the current state of security awareness programs around the
world.
Five security professionals from different industries and roles
volunteered to analyze the survey results, including Bob Rudis (team
lead for 2015 Verizon DBIR), Dr. Lance Hayden (author People Centric
Security) and Dr. Angela Sasse (Professor, University College of
London). This team of community experts analyzed the data to identify
what are the top challenges facing security awareness professionals and
how to overcome them. The end goal of the report is to enable
organizations to create truly mature security awareness programs and
benchmark their program against others. Two critical topics emerged from
the analysis:
1. LACK OF RESOURCES, TIME AND SUPPORT: Security
awareness program professionals are constrained in their ability to
execute. The top three limitations cited were lack of leadership
support, limited budgets and lack of time. Of the three, data shows lack
of leadership support to have the greatest impact on awareness program
maturity. The most surprising number was that the majority of security
awareness personnel spend 25% or less of their time on awareness, the
remaining time is taken with other responsibilities.
2. NOT HAVING AN IMPACT: The
second theme was the inability to engage employees and change
behaviors, indicating that programs are not "sticking" the way their
leaders would like.
Knowing these challenges is only half the battle. Security awareness
professionals also need to know the solutions, which we provide in the
report. Download the 2016 Security Awareness Report now or see the archived webcast with Dr. Lance Hayden, Bob Rudis and Lance Spitzner as they go over the key findings.
About the Securing the Human Security Awareness Report
In its second year, the Securing the Human Security Awareness report is the most comprehensive and credible survey of the state of security awareness. Over 350 security awareness professionals were surveyed to understand their key challenges, goals and roles.