Security awareness hindered by lack of time, budget and resources
Source: Procre8 for SANS Security Awareness , Author: Posted by BI-ME staff
Posted: Thu June 14, 2018 4:47 pm

UAE.– SANS Security Awareness, the leading provider in security awareness training, and a division of SANS Institute, today released its 2018 Security Awareness Report “Building Successful Security Awareness Programs”.

The report found that cyber security awareness programmes are beginning to gain ground among businesses, but that many of the professionals responsible for their implementation are challenged by a lack of time, budget and resources. It also highlights a clear correlation between the level of support given to security awareness by the organisation’s leadership and the maturity of that programme within the organisation.

“In light of recent large breaches such as those suffered by Equifax, Yahoo!, and the WannaCry ransomware attack on the NHS, and with new regulations like the EU General Data Protection Regulation throwing data protection into sharp focus, there’s a new sense of urgency around cyber security that’s stimulating both support and change.” says Lance Spitzner, Director, SANS Security Awareness. “Security awareness can be challenging, but it’s necessary, and it’s worth the effort,” he continues.

Working with researchers from The Kogod Cybersecurity Governance Center (KCGC) of Initiative at American University’s Kogod School of Business (KSB), the survey found:
- The defence industry is the most mature, reporting over 10% at the highest stage in the Security Awareness Maturity Module, with the manufacturing industry the least mature, reporting only 2%
- Finance and Operations departments are the largest blockers to building or maturing a security awareness programme
- The majority of awareness professionals come from a technical background, with less than 20% coming from non-technical fields such as communications, marketing, legal or HR

“The report reveals that a clear majority (80%) of security awareness professionals see their awareness programme activity as being only a portion of their overall job responsibilities,” says Dan DeBeaubien, Product Director for SANS Security Awareness. “Many claim to have no budget for an awareness programme or to not know what their budget is, and most lack the skills or background required to effectively communicate the programme to and engage with the workforce.”

The SANS Security Awareness Report was developed to enable security awareness professionals to make data-driven decisions on how to improve their security awareness programmes and to allow them to benchmark these programmes against others.

In short, its aim is to more definitively answer the question of what makes great security awareness programmes a success. This year, data analysed from over 1,718 respondents provides even greater insight in how to benchmark and mature a security awareness programme.

The report utilises the Security Awareness Maturity Model© as a guide to identify an organisation’s level of a programme’s impact and how to measure human risk and change end-user behaviour.

For more detailed analysis and recommended action on improving security awareness, you can download the SANS 2018 Security Awareness Report here.


Photo Captions:
1. (above)  Lance Spitzner, Director, SANS Security Awareness
2. (inset)   For illustration purpose only (File photo)

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide.

Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner’s qualifications via over 30 hands-on, technical certifications in cyber security.

The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center.

At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (

For more information, please visit

About SANS Security Awareness
SANS Security Awareness, a division of the SANS Institute, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cyber security risk. SANS Security Awareness has worked with over 1,300 organizations and trained over 6.5 million people around the world. Security awareness training content is translated into over 20 languages and built by a global network of the world’s most knowledgeable cyber security experts. Organizations trust that SANS Security Awareness content and training is world-class and ready for a global audience. The SANS Security Awareness program includes everything security awareness officers need to simply and effectively build a best-in-class security awareness program.

For more information about training programs, please visit:



date:Posted: June 18, 2018
UAE. 24% of Middle Eastern entrepreneurs are motivated by social impact and view it as their top priority as a business owner; 66% are undertaking angel investing.
date:Posted: June 16, 2018
UAE. MENA region recorded 93 deals amounting to US$15.4b in Q1 2018; UAE records highest announced Q1 deal value in the region at US$5.1b; Oil & gas deal value reached US$7.2b in Q1 2018; Almost 80% of MENA boards focused on portfolio transformation.
date:Posted: June 14, 2018
UAE. McAfee report sounds industry alarm: Don't start the blockchain revolution without making security a top priority.