Security Culture Report

Security Culture Report 2022—Global Trends in Security Culture

The 2022 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations' security cultures and surveying more than 530,000 employees across 2,910 organizations worldwide.

The report offers unique insights which allow organizational leaders to better understand how employees view security within their organizations. This information is also leveraged by business leaders to ensure necessary investment dollars are allocated to the most critical part of the security infrastructure: the human layer.

Security culture is the ideas, customs, and social behaviors of an organization that influence their security. Where security awareness is one’s knowledge of risk, security culture encompasses knowledge as a starting point, but also includes seven additional critical dimensions: attitude, behavior, cognition, communication, compliance, norms, and responsibilities.

The impact of the global pandemic showed that while some industry sectors have reduced their
security culture significantly, others have improved.

Download the report today to explore:

NEW this year! Security culture trends over time and regional breakdowns of security culture around the world
What impact the COVID-19 pandemic had on culture scores
The best and worst scoring industries (Technology topped the list while Education and Hospitality struggled)

Get your copy of the report now!

Dimension	Definition
Attitudes	The feelings and beliefs that employees have toward the security protocols and issues
Behaviors	The actions and activities of employees that have direct or indirect impact on the security of the organization
Cognition	Employees’ understanding, knowledge, and awareness of security issues and activities
Communication	The quality of communication channels to discuss security-related topics, promote a sense of belonging, and provide support for security issues and incident reporting
Compliance	The knowledge of written security policies and the extent that employees follow them
Norms	The knowledge of and adherence to unwritten rules of conduct in the organization
Responsibilities	How employees perceive their role as a critical factor in sustaining or endangering the security of the organization

The research provided a security culture score, which is a measurement that describes the overall security culture of an organization. By aggregating the scores of organizations in each industry, we can learn how each industry compares across the seven outlined dimensions of security culture. In general, a score below 80 is considered moderate, and a score below 60 is poor to moderate.

Consider your own organizational Security Culture for a moment. Does it even exist?

Security culture focuses on how people are expected to think about and approach a more secure environment. This is when employees internalize what their individual roles and responsibilities are to better protect and defend, not only their professional environment but their personal one, too.

Your employees may have bad security-related behaviors either acquired on their own or through a lack of organizational focus and discipline. Change is hard, we get it. But in this case, favorably changing employee behaviors by architecting a meaningful and relevant security culture could protect your organization and executives from brand damage, reputational loss, and financial hardship.

Haven’t given it much thought? No worries, KnowBe4 has and we have the research to prove it!

KnowBe4’s Security Culture Report provides an objective and scientific method for assessing, reporting, and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions across the seven dimensions mentioned above.

The Report is the result of data collected from global employees in the following industries: Banking, Business Services, Construction, Consulting, Consumer Services, Education, Energy & Utilities, Financial Services, Government, Healthcare & Pharmaceuticals, Hospitality, Insurance, Legal Manufacturing, Not-for-Profit, Retail & Wholesale, Technology and Transportation.

The Security Culture Report empowers you to better understand the distinct factors that comprise an otherwise forgotten concept. Armed with an understanding of the seven dimensions of culture, you can then begin to evaluate your own organization’s security culture and reduce the risk that you know is coming for you.

Ready to begin the journey? Download the 2022 Security Culture Report from KnowBe4 Research.

Want to measure your own Security Culture? KnowBe4 customers have access to the Security Culture Survey (SCS) in the ModStore Training Library.

Get the Report!