What's the single greatest challenge of running a security awareness program? In November 2015 SANS Securing The Human surveyed 369 security awareness professionals from around the world and asked them: What is the single biggest challenge you are facing? This question was part of the larger 2106 Security Awareness Report that measures the current state of security awareness programs around the world.
Five security professionals from different industries and roles volunteered to analyze the survey results, including Bob Rudis (team lead for 2015 Verizon DBIR), Dr. Lance Hayden (author People Centric Security) and Dr. Angela Sasse (Professor, University College of London). This team of community experts analyzed the data to identify what are the top challenges facing security awareness professionals and how to overcome them. The end goal of the report is to enable organizations to create truly mature security awareness programs and benchmark their program against others. Two critical topics emerged from the analysis:
1. LACK OF RESOURCES, TIME AND SUPPORT: Security awareness program professionals are constrained in their ability to execute. The top three limitations cited were lack of leadership support, limited budgets and lack of time. Of the three, data shows lack of leadership support to have the greatest impact on awareness program maturity. The most surprising number was that the majority of security awareness personnel spend 25% or less of their time on awareness, the remaining time is taken with other responsibilities.
2. NOT HAVING AN IMPACT: The second theme was the inability to engage employees and change behaviors, indicating that programs are not "sticking" the way their leaders would like.
Knowing these challenges is only half the battle. Security awareness professionals also need to know the solutions, which we provide in the report. Download the 2016 Security Awareness Report now or see the archived webcast with Dr. Lance Hayden, Bob Rudis and Lance Spitzner as they go over the key findings.
About the Securing the Human Security Awareness Report
In its second year, the Securing the Human Security Awareness report is the most comprehensive and credible survey of the state of security awareness. Over 350 security awareness professionals were surveyed to understand their key challenges, goals and roles.