What's the single greatest challenge of running a security awareness program? In November 2015 SANS Securing The Human surveyed 369 security awareness professionals from around the world and asked them: What is the single biggest challenge you are facing? This question was part of the larger 2106 Security Awareness Report that measures the current state of security awareness programs around the world.
Five security professionals from different industries and roles volunteered to analyze the survey results, including Bob Rudis (team lead for 2015 Verizon DBIR), Dr. Lance Hayden (author People Centric Security) and Dr. Angela Sasse (Professor, University College of London). This team of community experts analyzed the data to identify what are the top challenges facing security awareness professionals and how to overcome them. The end goal of the report is to enable organizations to create truly mature security awareness programs and benchmark their program against others. Two critical topics emerged from the analysis:
1. LACK OF RESOURCES, TIME AND SUPPORT: Security awareness program professionals are constrained in their ability to execute. The top three limitations cited were lack of leadership support, limited budgets and lack of time. Of the three, data shows lack of leadership support to have the greatest impact on awareness program maturity.
"People are either constrained in their ability to execute and/or failing to deliver the needed impact."
2. NOT HAVING AN IMPACT: The second theme was the inability to engage employees and change behaviors, indicating that programs are not "sticking" the way their leaders would like.
Knowing these challenges is only half the battle. Security awareness professionals also need to know the solutions. The full 2016 Security Awareness Report will be released in late March 2016 with detailed analysis of specific challenges, their causes, and what organizations are doing to address and overcome them. In addition join us for a webcast on 29 March with Dr. Lance Hayden, Bob Rudis and Lance Spitzner as they go over the key findings. Register now for the Mar 29 Webcast: 2016 Security Awareness Report Key Findings.
About the Securing the Human Security Awareness Report
In its second year, the Securing the Human Security Awareness report is the most comprehensive and credible survey of the state of security awareness. Over 350 security awareness professionals were surveyed to understand their key challenges, goals and roles.