IT disaster recovery, cloud computing and information security news

SANS Security Awareness has published its seventh annual SANS Security Awareness Report, which includes the results from a survey of 1,000 security awareness professionals worldwide. The 2022 report establishes updated global benchmarks for how organizations manage their human risk and provides actionable steps to making improvements with key metrics in the Security Awareness Maturity Model Indicators Matrix to measure progress.

Key findings include:

  • Workforce: more than 69 percent of security awareness professionals are spending less than half their time on security awareness. The data shows that security awareness responsibilities are very commonly assigned to staff with highly technical backgrounds who may lack the skills needed to effectively engage their workforce in simple-to-understand terms.
  • Global compensation: security awareness professionals in Australia/New Zealand had the highest average annual compensation ($121,236), while South America had the lowest ($56,960).
  • Top reported challenges: the three top reported challenges for building a mature awareness program were all related to a lack of time: specifically Lack of time for project management, limits on training time to engage employees, and a lack of staffing.
  • Pandemic impacts: the top two reported impacts were the challenge of a more distracted and overwhelmed workforce and a working environment where human-based cyber-attacks have become more frequent and effective.
  • Program maturity by region: consistent across all global regions is that current programs' most common maturity levels are compliance-focused and awareness/behavior change.
  • Successful program indicators: strong leadership support, increased team size, and a higher training frequency topped the charts as key enablers to program success.

Key action items to increase program success:

  • Action items to increase leadership support: one of the top ways to increase leadership support is speaking in terms of managing risk, not compliance, and explaining WHY you are doing something, not WHAT you are doing. Additionally, creating a sense of urgency by utilizing data and communicating value by demonstrating alignment with leadership’s priorities.
  • Action items to increase team size: documenting and contrasting how many people on the security team are focused on technology versus how many on the team are focused on human risk, creating a document to explain personnel needs fully, and developing partnerships with key departments that can help develop ways to communicate the program's value were recommended.
  • Action items to increase training frequency: it is recommended that organizations communicate to, interact with, or train their workforce at least once a month. Keeping training simple and easy to follow was the key to increasing your opportunities to engage and train your workforce.

More details.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.