Ponemon Institute and Security Innovation Reveal Gaps and Best Practices in Security Awareness Program with Latest Research

Findings reinforce the need for training programs that are customized by role, short in duration, and updated frequently


Wilmington, MA (PRWEB) July 15, 2014

Security Innovation and Ponemon Institute today announced the release of its State of Information Security Awareness: Trends & Developments Report. The objective of the research is to understand global trends and developments in information security education. The companies surveyed over 3,000 IT and other managers who were influential in their organization’s PCI DSS compliance and/or audit activities. Approximately half of the respondent companies currently require their employees to participate in information security awareness training, and it is these survey responses that form the research basis of the whitepaper.

“Security awareness training programs have become a much higher priority for risk-sensitive employers,” said Dr. Larry Ponemon, founder of Ponemon Institute. “The collected data reinforces the need for targeted security awareness training to ensure threats are well understood and good security hygiene becomes part of daily activities.”

Key trends include:

#1: Spending is Increasing
Among the organizations that plan to implement a new security awareness training program, 64% will do so in the upcoming year - and spend some serious money doing it: 73% plan to spend over $100,000 and 41% will spend over $500,000.

#2: There’s Room for Improvement
64% of managers are less than fully satisfied with their current PCI DSS security training. Additionally, about two-thirds of companies currently train fewer than a quarter of their workforce, omitting key personnel.

#3: Short, Customizable and Online
Awareness training is most effective when available in short sessions, making computer-based training (CBT) the most popular and cost-effective approach for many companies. This is particularly important for smaller companies, which typically spend almost twice as much per employee on training as larger companies. Additionally, 64% of companies customize training with company-specific content and, for those that offer training tailored to job function, IT departments receive the most customized curriculum.

#4: It’s Not Just About Compliance
Although compliance is currently the single biggest driver of data security training, 82% of organizations surveyed implement security awareness training programs to improve their overall level of data security.

Security industry standards bodies, such as PCI SSC (Payment Card Industry Security Standards Council) and NIST (National Institute of Standards and Technology), have recently updated their compliance requirements and best practices guidelines to place more emphasis on the importance of security awareness training.

Other key findings of the Security Innovation and Ponemon Institute research:

- About half of the organizations that provide training via CBT rely on third-party vendors for program development
- Most of the respondents who provide formal training indicated their curriculum is updated at least once per year, with 21% updating it more frequently
- More than two-thirds of organizations measure the immediate impact of their PCI DSS training using employee tests or satisfaction surveys upon program completion
- The most popular way for organizations to measure the long-term effectiveness of their PCI DSS training is by tracking reductions in non-compliance incidents

About Security Innovation
An application security pioneer since 2002, Security Innovation is dedicated to making software more resilient within the world’s most challenging environments; whether on the web, in devices or in the cloud. Our training and assessment solutions help organizations mitigate risk, eradicate vulnerabilities, and prevent data theft. Recognizing that application software no longer exists in isolation, our clients are better prepared to anticipate, navigate and reduce software security risk regardless of technology or system complexity. There are more than a million licenses of Security Innovation’s eLearning products in use today and our embedded security products ship on tens of millions of systems each year. Learn more at http://www.securityinnovation.com.

About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. The company’s mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
