Innovation Insight on Security Behavior and Culture Program Capabilities
Security awareness training programs need to evolve by focusing on measurable culture change
Despite the complexity of the current threat landscape, there is a common thread: the human factor. Regardless of the robustness of technical security measures, individuals still fall prey to clever social engineering tactics. This highlights the vital importance of modern cyber security awareness training measures that effectively cultivate secure habits among employees. However, as per Gartner®, “in 2022, less than 5% of cyber security leaders had adopted emerging security behavior and culture program capabilities”.
Also, “Core capabilities offered by security awareness computer-based training (SACBT) vendors achieve regulatory and audit compliance — and some rudimentary behavior change — but fail to make impactful changes to human risk.” Gartner compiled a list of effective actions cyber security leaders can implement in their awareness programs to deliver better risk management results.
Download the report to learn:
- Why cyber security leaders should rescope their awareness programs to focus on human risk management outcomes, not just regulatory and audit compliance
- How to position the business case to senior leadership for investment in human risk management to combat cybersecurity challenges arising from a spectrum of unsecure employee behaviors
- The importance of focusing on measurable behavior and culture change
- How to evaluate vendors for SBCP capabilities that will meet requirements to measure and change employee behavior at scale
SoSafe was named as a Representative Provider in this report.
Gartner, Innovation Insight on Security Behavior and Culture Program Capabilities, William Candrick, Richard Addiscott, and 2 more, 16 November 2022
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.