Report

Innovation Insight on Security Behavior and Culture Program Capabilities

Security awareness training programs need to evolve by focusing on measurable culture change

Despite the complexity of the current threat landscape, there is a common thread: the human factor. Regardless of the robustness of technical security measures, individuals still fall prey to clever social engineering tactics. This highlights the vital importance of modern cyber security awareness training measures that effectively cultivate secure habits among employees. However, as per Gartner®, “in 2022, less than 5% of cyber security leaders had adopted emerging security behavior and culture program capabilities“.

Also, “Core capabilities offered by security awareness computer-based training (SACBT) vendors achieve regulatory and audit compliance — and some rudimentary behavior change — but fail to make impactful changes to human risk.” Gartner compiled a list of effective actions cyber security leaders can implement in their awareness programs to deliver better risk management results.

Download the report to learn:

Why cyber security leaders should rescope their awareness programs to focus on human risk management outcomes, not just regulatory and audit compliance
How to position the business case to senior leadership for investment in human risk management to combat cybersecurity challenges arising from a spectrum of unsecure employee behaviors
The importance of focusing on measurable behavior and culture change
How to evaluate vendors for SBCP capabilities that will meet requirements to measure and change employee behavior at scale
SoSafe was named as a Representative Provider in this report

Gartner recognizes SoSafe as a Representative Provider for security behavior and culture program capabilities.

Gartner, Innovation Insight on Security Behavior and Culture Program Capabilities, William Candrick, Richard Addiscott, et al., 16 November 2022.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Cyber Security
Awareness Blog

View all blog posts

John Noble on geopolitical trends and collective defense

3 min read

Podcast

John Noble on geopolitical trends and collective defense

How can collaboration between the government and private sector strengthen digital defense? And what impact will new data protection laws have on the cyber security strategies of global organizations? Dr. Niklas Hellemann and John Noble explore these questions and more in the second episode of the Human Firewall Podcast. Stay tuned!

The cybercrime trends to watch out for in 2024

7 min read

Cyber Security Threats

The cybercrime trends to watch out for in 2024

Are you wondering how AI and the current political tensions will influence the threat landscape in 2024? Have you ever heard of disinformation-as-a-service? From the surge in hacktivism to the real impact of team burnout, this article will explore the top cybercrime threats that will keep security teams on their toes this year. Keep reading to discover what cybercriminals have up their sleeves.

11 min read

Cyber Security Awareness, Cyber Security Threats

How to spot a deepfake

Do you believe your eyes when you see or hear something outrageous? In this era of deepfakes, it has become difficult to really know whether the video you are seeing is real or not. They will look real, sound real, talk real. But they aren’t. And the only way to be sure is to watch out.