Cyber Security Awareness is becoming an important topic for most organizations today, especially with the rise of attacks to cripple network services, or to steal confidential information. There are four main behavioral theories with twelve independent variables that are used sixty one (61) times in the literature in the context of information security awareness. In order to prevent an emerging gap between theory and practice, this paper uses empirical data. Specifically, this paper uses empirical data to map and prioritize the most common variables that influence the employees’ security and awareness based on existing theoretical knowledge. This paper focuses on four main independent variables that directly lead to an actual behavior that may cause security vulnerability. Those variables are:  Behavioral Intention, Coping Appraisal, Threat Appraisal and Sanctions. Once those variables are identified, the paper presents a priority list of what organizations should focus on first in a security awareness program.