GEC NEWS WIRESANS Security Awareness released its 2018 Security Awareness Report “Building Successful Security Awareness Programs”. The report found that cyber security awareness programmes are beginning to gain ground among businesses, but that many of the professionals responsible for their implementation are challenged by a lack of time, budget and resources. It also highlights a clear correlation between the level of support given to security awareness by the organisation’s leadership and the maturity of that programme within the organisation.
“In light of recent large breaches such as those suffered by Equifax, Yahoo!, and the WannaCry ransomware attack on the NHS, and with new regulations like the EU General Data Protection Regulation throwing data protection into sharp focus, there’s a new sense of urgency around cyber security that’s stimulating both support and change.” says Lance Spitzner, Director, SANS Security Awareness. “Security awareness can be challenging, but it’s necessary, and it’s worth the effort,” he continues.
“The report reveals that a clear majority (80%) of security awareness professionals see their awareness programme activity as being only a portion of their overall job responsibilities,” says Dan DeBeaubien, Product Director for SANS Security Awareness. “Many claim to have no budget for an awareness programme or to not know what their budget is, and most lack the skills or background required to effectively communicate the programme to and engage with the workforce.”
The SANS Security Awareness Report was developed to enable security awareness professionals to make data-driven decisions on how to improve their security awareness programmes and to allow them to benchmark these programmes against others. In short, its aim is to more definitively answer the question of what makes great security awareness programmes a success. This year, data analysed from over 1,718 respondents provides even greater insight in how to benchmark and mature a security awareness programme.
The report utilises the Security Awareness Maturity Model as a guide to identify an organisation’s level of a programme’s impact and how to measure human risk and change end-user behaviour.
