SANS informed Techzine that a lack of time and personnel are the most common factors that hinder security awareness programs within companies. At the same time, research shows that 60 percent of professionals do not know how the security awareness budget is used within their company.
These are some of the conclusions from the 2019 Security Awareness Report, an annual report published by SANS Security Awareness, a sub-division of SANS. The study compares this year’s data with data from recent years and identifies the main problems faced by security awareness professionals within companies. These are mainly a lack of sufficient resources, a lack of support from management and ambiguity about their responsibilities.
The report should give companies the opportunity to set up a successful security awareness program. This year, more than 1,600 respondents were surveyed.
SANS Security Awareness Director, Lance Spitzner, says: “Every year, we are able to see a better picture of the most common challenges that security awareness professionals encounter and how they should best address them. (…) After five years, we are starting to see some important trends.”
Trends
A lack of time and personnel is, as noted, one of the main problems faced by professionals. Furthermore, more than 75 percent of these professionals only work part-time, which means that often less than half of their time is spent on security awareness.
In addition, it is crucial that employees receive support from management. Pressure from colleagues and industry peers appears to play a role in management's acceptance and understanding. SANS reports that security awareness becomes a priority if management believes that their entire sector is investing significantly in it.
Furthermore, fewer than 10 percent of those surveyed indicated that their job description contained the word “awareness” or “training”. Approximately 60 percent of them do not know at all what the security awareness budget is spent on within their company. According to SANS, the report therefore exposes growing concerns and challenges surrounding security awareness.