Report

Innovation Insight on Security Behavior and Culture Program Capabilities

Gartner Report Cover

Security awareness training programs need to evolve by focusing on measurable culture change

Despite the complexity of the current threat landscape, there is a common thread: the human factor. Regardless of the robustness of technical security measures, individuals still fall prey to clever social engineering tactics. This highlights the vital importance of modern cyber security awareness training measures that effectively cultivate secure habits among employees. However, as per Gartner®, “in 2022, less than 5% of cyber security leaders had adopted emerging security behavior and culture program capabilities“.

Also, “Core capabilities offered by security awareness computer-based training (SACBT) vendors achieve regulatory and audit compliance — and some rudimentary behavior change — but fail to make impactful changes to human risk.” Gartner compiled a list of effective actions cyber security leaders can implement in their awareness programs to deliver better risk management results.

Download the report to learn:


  • Why cyber security leaders should rescope their awareness programs to focus on human risk management outcomes, not just regulatory and audit compliance
  • How to position the business case to senior leadership for investment in human risk management to combat cybersecurity challenges arising from a spectrum of unsecure employee behaviors
  • The importance of focusing on measurable behavior and culture change
  • How to evaluate vendors for SBCP capabilities that will meet requirements to measure and change employee behavior at scale
  • SoSafe was named as a Representative Provider in this report

Gartner, Innovation Insight on Security Behavior and Culture Program Capabilities, William Candrick, Richard Addiscott, and 2 more, 16 November 2022

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Download now