It is Here: The 2019 SANS Security Awareness Report

Awareness professionals rejoice! It is finally here, and this year, it has something to prove: SANS Security Awareness is thrilled to announce that the 2019 SANS Security Awareness Report is ready for you to review.In its fifth year, this report titled The Rising Era of Awareness Training, represents data that was submitted by nearly 1,600 of your security awareness peers from across the globe.

This year, we’ve come to an exciting realization: This is the era of security awareness training.

Over the past few months, we’ve tirelessly assessed, analyzed, and aggregated the findings from survey respondents so that you, the awareness professional, can make data-led decisions on how to improve your program and benchmark your program against your peers for awareness training success. We’ve built on findings from previous years to hone in on the primary issues faced by awareness professionals: a lack of resources, the struggle of overcoming lack of leadership understanding and support, and job role ambiguity.

GET THE REPORT

The intention of the 2019 SANS Security Awareness Report is to provide security awareness professionals with a roadmap to make data-driven decisions. We want to help you improve upon security awareness programs and overall communication. This report also provides professionals with the ability to benchmark their programs against their industry peers to truly get a pulse on their achievements.

Essentially, this awareness report works to more definitively define what ingredients go into making a security awareness program survive and thrive. This year we’ve continued working with researchers from The Kogod Cybersecurity Governance Center (KCGC), an initiative of American University's Kogod School of Business (KSB). With them, we’ve examined the data in comprehensive detail to provide information on:

• Common challenges holding back program maturity - lack of time and staffing were among the top reported roadblocks facing awareness professionals.
• Achieving leadership support and program buy-in – industry peer pressure was found to have a distinctive role in determining whether leadership treats security awareness training as a top priority.
• The growing need to create more concrete job roles and expectations within the security awareness training realm - less than 10% of the respondents reported their job titles even included the words ‘awareness’ or ‘training’ in them.

In addition to these findings, we are releasing some new support materials, including an entirely reimagined, redesigned Security Awareness Maturity Model. It also includes an additional Indicator Matrix within the report. Within these supplemental materials, we’ve outlined key action items, which have been broken out within each section, helping you further develop your awareness training program.

NEW! Bundled assets to be used as supplemental companions to the report:

• Deeper dive into security awareness professional job description and job requirements
• A slide deck presentation on the cost of human risk, designed to present to leadership
• New NIST NICE Work Role Description for Awareness Managers

For more detailed analysis and recommended action on improving an awareness strategy, the 2019 SANS Security Awareness Report and bundled materials are available for download here.

Have questions about the data or want to take a deeper dive into the findings? Send us a message at and we’ll be happy to chat. (We kind of nerd out about this report every year.)