2025
State of Security Champions Report
.png)
Backed by survey data and BSIMM benchmarks, this report shows why Champions are becoming essential for modern AppSec programs.
What You'll Learn
Security Champion programs are not new, but they’ve been under-documented compared to other security initiatives. Most guidance has been limited to tactical playbooks or maturity models embedded within larger frameworks.
The State of Security Champion Programs Report (2025) is different. It’s based on original survey data from 33 organizations across industries and paired with external benchmarks like BSIMM15. The result is a real-world snapshot of how programs are actually run today: what focus areas they prioritize, how success is measured, and the challenges they face at different stages of maturity.
This report offers practitioners a way to benchmark their programs, learn from peers, and apply proven playbooks to scale security culture more effectively.
Inside the 2025 Survey
Champion programs are growing in popularity and impact: Nearly 75% are less than four years old, with adoption across Health Care, Insurance, SaaS, and Finance.
Champion programs are an evolving journey: Early efforts focus on secure coding and remediation, while older programs expand into threat modeling and governance.
Champions are a sign of security maturity: Larger programs span more departments and report higher confidence; BSIMM15 shows Champion adoption grows from 32% in bottom-tier firms to 92% in top-tier firms.