Nearly 60 percent of security awareness professionals say they are not even aware of the budget allocated to security awareness in their companies, according to a recent survey by SANS Institute.
According to SANS’s 2019 Security Awareness Report, lack of time and staffing were among the top reported roadblocks facing awareness professionals. More than 75 percent of surveyed professionals work part-time, which means that companies are spending less than half of their time on security awareness.
Another challenge security professionals face is getting the support of management, the study said. The report noted that programme buy-in is key as industry peer pressure was found to have a distinctive role in determining whether leadership treats security awareness training as a top priority. In fact, 69 percent of organisations whose managers believe that the market is investing significantly in this area consider safety awareness training to be a top priority.
The study also highlighted the growing need to create more concrete job roles and expectations within the security awareness training realm, with less than 10 percent of the respondents reported their job titles even included the words ‘awareness’ or ‘training’ in them, and about 60 percent were not even aware of the budget allocated to security awareness in their companies.
“I’m absolutely thrilled about the release of the 2019 Security Awareness report,” says SANS Security Awareness Director, Lance Spitzner. “Every year we are able to gain a better understanding of the most common challenges awareness professionals face and how to best address them and after five years, we are beginning to identify key trends.”
This report highlights these growing concerns and challenges for security awareness. It also utilizes the SANS Security Awareness Maturity Model as a guide to identify an organisation’s level of a program’s impact and how to measure human risk and change end-user behaviour.
Discussion about this post