Security Awareness Programs Need Full-Time Staff
Security awareness programs are more likely to be successful when they have full-time employees who communicate effectively with workers and company leaders.
Characteristics of Security Awareness Maturity Model, Part I
Non-existent: There's no program, and employees have no idea that they are targets and that their actions have a direct impact on security. Compliance-Focused: Program is designed to meet specific compliance or audit requirements, and training is limited to an annual or ad hoc basis. Promoting Awareness and Behavior Change: Program identifies training topics with great impact; content is communicated in an engaging, positive way; and employees understand and follow policies, and recognize, prevent and report incidents.
Characteristics of Security Awareness Maturity Model, Part II
Long-Term Sustainment and Culture Change: Processes, resources and leadership support are in place, and cyber-security is an established part of the culture. Metrics Framework: Program uses this framework to track progress and measure impact, so the program continuously improves and demonstrates ROI.
Maturity of Average Security Awareness Program
Nonexistent: 8%. Compliance-focused: 27%. Promoting awareness and behavior change: 55%. Long-term sustainment and culture change: 10%. Metrics framework: less than 1%.
Biggest Challenges to Security Awareness Programs
Communication: 16%. Employee engagement: 14%. Time: 13%. Culture: 12%. Resources: 12%. Upper management support: 11%. Other: 9%. Money: 6%. Enforceability of program: 4%. Staff: 2%.
Lacking Resources and Time
58% of respondents said a lack of resources and time hinders security awareness programs. The more time and people available, the more successful an awareness program will be.
Having Part-Time Workers Hinders Success
Only 8% of awareness professionals are dedicated full-time to security awareness initiatives, and 75% spend a quarter or less of their time on awareness.
Full-Time Employees Help Ensure Success
The more full-time employees that are dedicated to a security awareness program, the more successful it will be - even if those hours are divided among different people.
Money Is Not the Problem
The report's data shows that while the budget does affect the maturity of a program, the correlation of money and maturity is not as compelling as the correlation between time and maturity.
Communication Is Essential
Communication is critical to a successful security awareness program. That requires talking to and engaging with employees, connecting with leaders, and demonstrating the organizational value of security awareness.