3/15/23, 3:29 PM The 2023 Information Security Thermometer

The 2023 Information Security Thermometer

* Required

The next questions are on awareness of information security

in your organisation:

65. What are the current or preferred methods of training used by your
information security team? *

Investigating
the use of
this in the
Popular Seldom use Never use future Unsure

Classroom-
based –
offsite

Classroom-
based –
onsite

Self-study

Virtual
classroom /
Webinar (with
remote
human
instructor)

e-Learning /
Computer-
based only

Simulations /
Serious
gaming

https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 1/5
3/15/23, 3:29 PM The 2023 Information Security Thermometer

66. How are information security awareness budgets typically determined in

your organisation?
(Select those that apply – multiple selections possible) *

A percentage of information security budget

A percentage of risk management

Based on incidents

Based on projects approved for the year

Based on a budget defined by head of information security

No official budget – ad hoc

Other

67. What percentage of your F2022 (previous year) information security

budget was spent on awareness? *

More than 25%

Between 15-24%

Between 5-14,9%

Less than 5%

No awareness budget

Don’t know

https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 2/5
3/15/23, 3:29 PM The 2023 Information Security Thermometer

68. Do you envisage a change to your FY2023 (current year) information

security awareness budget in FY2024? *

Large increase

Small increase

No change

Small decrease

Large decrease

Don’t know

https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 3/5
3/15/23, 3:29 PM The 2023 Information Security Thermometer

69. Awareness programmes - How effective have the following methods of

raising overall awareness been in your organisation?
*

Investigating
the use of Have not
Very Somewhat Not very this in the tried this
effective effective effective future option

Formal
security
induction
training

Compulsory
e-learning /
CBT sessions

Designated
workshops at
staff
gatherings
(face- to-face
or virtual)

Ambush
theatre (i.e.
actors play
out a “live”
scenario in
the canteen)

Messages in
company
newsletters

Distributing
small gifts
with security
reminders

https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 4/5
3/15/23, 3:29 PM The 2023 Information Security Thermometer

Investigating
the use of Have not
Very Somewhat Not very this in the tried this
effective effective effective future option

Awareness
linked to staff
performance
measures
(KPIs)

Using social
media
platforms

70. Is there anything you would like to add to the information you have
provided in this section? *

Yes

No

Back Next

Never give out your password. Report abuse

This content is created by the owner of the form. The data you submit will be sent to the form owner. Microsoft is
not responsible for the privacy or security practices of its customers, including those of this form owner. Never give
out your password.

Powered by Microsoft Forms |

The owner of this form has not provided a privacy statement as to how they will use your response data. Do not
provide personal or sensitive information.
| Terms of use

https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 5/5