A new SANS report provides insight into company efforts to increase the security awareness and skills of employees. The study found that only 4.3% of organizations still don’t have a security awareness program, which is a slight improvement compared to two years ago when the number was 7.6%.
However, SANS also found that few organizations create full-time positions for security awareness professionals. Instead, 75% of people who provide security awareness training spend less than half of their time on this task. As the report points out, “the implication is that awareness is simply mounted on to their other job requirements. This is the largest single factor limiting the growth and maturity of programs.”
Read more: 75% of Security Awareness Pros Are Part Time