Security awareness programs are more likely to be successful when they have full-time employees who communicate effectively with workers and company leaders.
The number of full-time employees devoted to security awareness programs and their ability to effectively communicate to and engage with employees are two main reasons why security awareness programs either thrive or fail, says a new report. Furthermore, women are twice as likely as men to be dedicated full-time to security awareness. The findings were made by the SANS Institute in its survey, “ 2017 Security Awareness Report.“ „Ultimately, we, the security community need to stop blaming employees as the security problem and start blaming ourselves, “ the report says, „It’s up to us to understand what the root causes are in failing to change human behavior and address those issues.“ The report attempts to do just that and outlines steps and recommendations to improve the time devoted to, and the communications about, security awareness programs. Findings are based on responses of 1,084 professionals in 58 countries who helped build, manage or contribute to their organization’s security awareness program. Security awareness success is based on the SANS Institute’s Security Awareness Maturity Model described on the first two slides.