Executive Summary
People have become the primary attack vector for cyber attackers around the world, so humans rather
than technology now represent the greatest risk to organizations. 1 Security awareness programs,
and the professionals who manage them, are key to managing that human risk. The SANS 2022
Security Awareness Report analyzes data provided by more than a thousand security awareness
professionals from around the world to identify and benchmark how organizations are managing
their human risk. The goal of this data-driven report is to provide actionable steps and resources to
enable organizations to mature their awareness programs and benchmark them against others.
This report is divided into two sections. The first section looks at how to grow and mature your
security awareness program. It provides not only the data and what the data mean, but also
actionable steps you can take to better manage your organization’s human risk. The second
section focuses on how security awareness professionals can develop their skills and grow
their career, including information about salaries and career development paths. In addition, the
report includes the Security Awareness Maturity Model Indicators Matrix, which enables you to
easily identify your security awareness program’s maturity level and presents steps to improve on that
level of maturity and key metrics to measure it.
Views: 20
