Cybersecurity awareness is too often a part-time effort

2021-03-24 04:00

SANS announced the release of a report which analyzes the data of over 1,500 security awareness professionals from around the world to benchmark how organizations are managing human risk and provides data-driven action items to mature awareness programs.

"Cybersecurity is no longer just about technology but people; managing human risk. Awareness programs enable security teams to do just that by not only guiding how people think about security but how they act, from the Board of Directors on down," said Lance Spitzner, SANS Security Awareness Director and co-author of the report.

Cybersecurity awareness: Key findings Workforce: Over 75% of cybersecurity awareness professionals are spending less than half their time on security awareness, implying awareness is too often a part-time effort.

Top reported challenges: The two top reported challenges for building a mature awareness program are the lack of time to manage the program and a lack of personnel to work on and implement the program.

Dedicated personnel: Awareness programs effectively changing behavior had at least 2.5 FTEs dedicated to helping manage their awareness program.

"Security awareness programs have evolved from a limited compliance focus to becoming a key part of an organization's ability to manage human cyber risk," said Dan deBeaubien, SANS Security Awareness Director and co-author of the report.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/re9jXgGLT8A/

#awareness #cybersecurity