Find Out How Your Organization Measures Up and Improve Your Security Culture
SANS Institute, the world's most trusted provider of cybersecurity training, proudly announces the release of the 2024 Security Awareness Report®:Embedding a Strong Security Culture. Statistics reveal that social engineering attacks account for 89% of concerns surrounding human risk. With the growth of Artificial intelligence (AI), it is becoming easier for cyber threat actors to create customized social engineering attacks in any language or voice they want. All this, and more, makes this report an essential read for any organization aiming to bolster its cybersecurity defenses.
Lance Spitzner, Technical Director of SANS Security Awareness, underscores the report's significance: "The 2024 Security Awareness Report not only benchmarks your current program but also provides actionable insights to drive maturity and effectiveness."
Drawing on insights from over 1,000 security awareness professionals across 70 countries, the SANS 2024 Security Awareness Report offers a global perspective on the state of security awareness. It provides invaluable benchmarks and actionable strategies to help organizations enhance their security awareness programs and manage human risk effectively.
Key Findings and Insights
- Benchmarking and Maturity: The report utilizes the Security Awareness Maturity Model® to help organizations gauge the maturity of their programs. It highlights that the most mature programs have dedicated teams of at least 1.8 full-time employees, with the most advanced requiring at least 4.2 FTEs to achieve strategic metrics and embed a strong security culture.
- Top Human Risks: Social engineering remains the top human risk, with phishing, smishing, and vishing attacks becoming increasingly sophisticated. The report emphasizes the need for robust training and awareness to combat these threats.
- Program Challenges: Lack of time and staff continues to be the primary challenge for security awareness programs. The report provides strategies to overcome these hurdles, including leveraging AI and developing strong partnerships within the organization. The importance of a well-resourced team is underscored, with data showing a direct correlation between team size and program maturity.
- Career Development: The report delves into compensation and career satisfaction for security awareness professionals. With an average global salary of $108,483, the report offers guidance on how professionals can advance their careers and increase their compensation. The section includes detailed analyses of pay scales based on geography, industry, and program maturity, providing a comprehensive overview of the career landscape in security awareness.
Spitzner adds, "This year's findings highlight the critical importance of dedicated security awareness teams and the need for continuous improvement. By benchmarking against global standards and adopting the strategies outlined in the report, organizations can significantly enhance their security posture."
To read the full report and benchmark your program against industry standards, download the SANS 2024 Security Awareness Report® "Embedding a Strong Security Culture" here.