Dubai, UAE: SANS Security Awareness, the global leader in providing security awareness training, announced today the release of the 2021 Security Awareness Report: Managing Your Human Cyber Risk. This annual report analyzes the data of over 1,500 security awareness professionals from around the world to benchmark how organizations are managing human risk and provides data-driven action items to mature awareness programs.

2021 marks the sixth release of the SANS Security Awareness Report, and through 2020-2021 the industry witnessed deep and rapid changes in how and where employees work. These changes have caused unprecedented evolution in not only in technology we use, but how we use it, especially with so many working from home. Simply stated, it has never been more important to effectively create and maintain a cyber secure workforce and a vibrant security culture. 

“Cybersecurity is no longer just about technology but people; managing human risk.  Awareness programs enable security teams to do just that by not only guiding how people think about security but how they act, from the Board of Directors on down,” said Lance Spitzner, SANS Security Awareness Director and co-author of the report. “This report enables security professionals to make data-driven decisions on how they can most effectively engage the workforce and manage human risk.”

Key Findings:

  • Workforce: Over 75% of security awareness professionals are spending less than half their time on security awareness, implying awareness is too often a part-time effort. The data shows that security awareness responsibilities are very commonly assigned to staff with highly technical backgrounds who may lack the skills needed to effectively engage their workforce in simple-to-understand terms.
  • Compensation: The average salary reported was $103,000 USD for security training full time professionals. However, salaries were found to be higher for those with technical background and on average up to $10,000 less for those with non-technical backgrounds.
  • Top Reported Challenges: The two top reported challenges for building a mature awareness program are the lack of time to manage the program and a lack of personnel to work on and implement the program.
  • Dedicated Personnel: Awareness programs effectively changing behavior had at least 2.5 FTEs (Full-Time Equivalent) dedicated to helping manage their awareness program. Those impacting culture and having the metrics framework to prove it on average had 3.5 FTEs. 

“Security awareness programs have evolved from a limited compliance focus to becoming a key part of an organization’s ability to manage human cyber risk,” said Dan deBeaubien, SANS Security Awareness Director and co-author of the report. “While security awareness programs are gaining executive support, there is still a long way to go before enough personnel, resources and tools are allocated to this effort.”

For more detailed analysis and recommended action on improving an awareness strategy, the 2021 SANS Security Awareness Report is available for download here.

About SANS Security Awareness

SANS Security Awareness provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. The SANS Security Awareness program offers globally relevant, expert authored tools and training to enable individuals to shield their organization from attacks and a fleet of savvy guides and resources to work with you every step of the way. To learn more, visit www.sans.org/security-awareness-training 

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2021

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.