First Ever SANS Security Awareness Executive Report Provides Unique Insight to Help Awareness Programs Succeed

Bethesda, Md. – SANS Security Awareness, the leading provider in security awareness training, and a division of SANS Institute, released their first ever SANS Security Awareness Executive Report, which is designed to demonstrate to executives how they can become an essential figure in their programs overall success and maturity. It outlines actionable steps drawn from the 2018 Security Awareness Report and focuses on providing leadership with the understanding of why managing human risk is imperative to a security awareness program's overall success.

"Managing human risk is one of the top growing concerns with CISO and executives around the world", says Lance Spitzner, Director of Community and Research at SANS Security Awareness. "The 2018 SANS Security Awareness Executive Report is one of the very few data-driven resources designed for leadership to not only better understand the problem, but to formulate the solution."

While the SANS Security Awareness Report enables security awareness professionals to make improvements in their awareness programs and benchmark their programs against others, key findings in this executive report show a clear correlation between support from executive leadership and program maturity. Ultimately, the more support from the top down that an awareness program has, the better the likelihood it has to offering consistent culture change.

"The SANS Security Awareness Executive Report provides a unique, data-driven examination of the programs which address the human risk factors in cybersecurity today; it helps executives understand and support their programs and provides specific actions which will drive them forward," explains Dan DeBeaubien, Product Director of SANS Security Awareness.

The SANS Executive Security Awareness Report outlines steps leadership can take toward becoming an essential figure in the program's success and maturity, including:

  • Establishing program goals
  • Program participation
  • Program staffing and organization
  • Program initiatives

This report highlights those steps, utilizing the Security Awareness Maturity Model© as a guide to identify an organization's level of a program's impact and how to measure human risk and change end-user behavior. For more detailed analysis, download the SANS 2018 Security Awareness Executive Report here.

In addition, the 2019 SANS Security Awareness Survey is now open. Everyone from the security awareness industry is invited to complete this brief questionnaire, which aggregates the data to produce the annual SANS Security Awareness Report and also helped create this year's SANS Security Awareness Executive Report.

While all respondents will be given early access and regular updates to the analysis of data and a sneak peek into the final report, early respondents to the survey will also be entered into a raffle for an iPad.

About SANS Security Awareness
SANS Security Awareness, a division of the SANS Institute, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their 'human' cyber security risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. Security awareness training content is translated into over 20 languages and built by a global network of the world's most knowledgeable cyber security experts. Organizations trust that SANS Security Awareness content and training is world-class and ready for a global audience. The SANS Security Awareness program includes everything security awareness officers need to simply and effectively build a best-in-class security awareness program. For more information about training programs, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (