<- Back to all blog posts

Forrester Wave: Security Awareness & Training Solutions (SA&T)

November 1, 2022

The most recent Forrester Wave: Security Awareness & Training (SA&T) report was released a few months ago. The report, which rates security awareness training vendors based on published and transparent criteria, is eye-opening in its view of the state of the market today and into the future.

While the bulk of the report is about the vendors, listing their ratings and aggregate scores, the most interesting reading is in the executive summary. The thrust of the executive summary can be summarized in this sentence from the executive summary:

Our evaluation found well-needed disruption in the market.

We could not agree more with Forrester. The security awareness training market is in need of disruption.

Below are some other notable quotes from the Forrester executive summary (emphasis added) : 👇👇

  • Look for vendors that offer human risk quantification and calculate risk based on actual user behavior, not quiz and simulation scores.
  • Choose vendors that can help measure your employees’ human risk score. Once you know the risk profile of an individual or department, you can adjust your training and gain valuable insights about where to improve your security program.
  • The days of vendors bragging about features and extensive (yet dull) content libraries are mercifully waning.
  • You need a different way to manage human risk, not better ways to train people.
  • Look for vendors that can show you what is possible, not only what you think you need, or ask for.

The disruption that is needed is not prescribed in the report, as is highlighted by the last quote above. The overall story is that the future of security awareness is human risk. And that human risk needs to be based on actual employee behaviors and actions.

👀 Broader Forrester Opinion on the Future of Security Awareness

If you read Forrester Wave author Jinan Budge’s (VP @ Forrester) other writing on the security awareness market, you can triangulate themes she believes underscore security awareness of the future. The theme of other articles echo the Wave report in that security awareness is in a transitory state. Many CISOs still believe the primary value of security awareness training is to address compliance requirements.

This value proposition, the checking the box for audits, of security awareness is what has driven the explosive growth of the market over the last 10 years. Ths value proposition, while still entrenched, will slowly give way to the value proposition of measuring and reducing human risk by driving better security behavior.

—-

Haekka partners with customers to show what is possible with security awareness. We use new data and apps to connect security to employees when and while they work, wherever they work. We believe this intelligent security layer is the future of security awareness and it aligns with Forrester’s Wave report as well as other writings from Forrester on security awareness.

Schedule a demo

Start delivering training via Slack today.

Get started with a free trial by scheduling a demo today. One of our training experts will walk you through a live Haekka demo.

Excellent! We received your demo request. You should be redirected to our scheduling system. If you ran into an issue, please contact us.
Hmm. Something went wrong while submitting your form.
Please refresh and try again.