@Oz Alashe
Last updated: 10 Aug 2025
Ever wondered what the history of the concept and term “security awareness” is?
The phrase “security awareness” didn’t appear out of nowhere. It crept into formal use in the late 1980s, as the security community began to recognize that people - not just machines - played a critical role in keeping systems safe.
Read on to find out more…
Security awareness wasn’t always part of (what is now called) cybersecurity. In fact, for decades, it barely registered as a concept.
Importantly, the very definitions of what we were trying to protect shifted continually: security evolved from the physical focus of ‘computer security,’ through the broader and network-oriented lens of ‘IT security’ and ‘e-security,’ and ultimately into today’s expansive field of ‘cybersecurity’ that recognizes both technical and human risk.
Early computing was all about machines—keeping them running, keeping them controlled, and keeping them physically secure. But once computers became networked and widely used, the security industry had to confront an uncomfortable truth: the systems weren’t the only things vulnerable. People were too.
And that changed everything.
In the early days, computers were expensive, rare, and tightly controlled. Access was limited to trained operators and engineers who deeply understood the systems they worked on. Security, therefore, focused on the physical—who could get into the building—and the technical—who could run which commands. This was a period in which the concept ‘computer security’, rather than ‘cybersecurity’ was more prevalent.
There was no concept of “user risk” because there were barely any users.
What mattered: Guard the machines. People weren’t seen as part of the threat model—because they weren’t part of the system at scale.