Users’ adherence to security policy, reduced internal security threats, appropriate security behaviour and a culture of security-aware users are among the results of an effective security awareness effort in an organisation. Generally, security awareness efforts are meant to change behaviour communally, however, most of them are actually focused on altering individual security behaviours. Thus, we conducted a systematic literature review on past research on security awareness approaches focusing on the delivery methods, program contents and theories used for the proposed security awareness program and whether they help in fostering communal change. Despite the importance of ensuring communal learning in security awareness approach, we found that only one of these studies applied an approach which promotes communal change in all four of their selected underlying theories, delivery methods and program content.