The 2022 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations' security cultures and surveying more than 530,000 employees across 2,910 organizations worldwide.
The report offers unique insights which allow organizational leaders to better understand how employees view security within their organizations. This information is also leveraged by business leaders to ensure necessary investment dollars are allocated to the most critical part of the security infrastructure: the human layer.
Security culture is the ideas, customs, and social behaviors of an organization that influence their security. Where security awareness is one’s knowledge of risk, security culture encompasses knowledge as a starting point, but also includes seven additional critical dimensions: attitude, behavior, cognition, communication, compliance, norms, and responsibilities.
The impact of the global pandemic showed that while some industry sectors have reduced their
security culture significantly, others have improved.
Download the report today to explore:
Dimension |
Definition |
Attitudes |
The feelings and beliefs that employees have toward the security protocols and issues |
Behaviors |
The actions and activities of employees that have direct or indirect impact on the security of the organization |
Cognition |
Employees’ understanding, knowledge, and awareness of security issues and activities |
Communication |
The quality of communication channels to discuss security-related topics, promote a sense of belonging, and provide support for security issues and incident reporting |
Compliance |
The knowledge of written security policies and the extent that employees follow them |
Norms |
The knowledge of and adherence to unwritten rules of conduct in the organization |
Responsibilities |
How employees perceive their role as a critical factor in sustaining or endangering the security of the organization |
The research provided a security culture score, which is a measurement that describes the overall security culture of an organization. By aggregating the scores of organizations in each industry, we can learn how each industry compares across the seven outlined dimensions of security culture. In general, a score below 80 is considered moderate, and a score below 60 is poor to moderate.
Consider your own organizational Security Culture for a moment. Does it even exist?
Security culture focuses on how people are expected to think about and approach a more secure environment. This is when employees internalize what their individual roles and responsibilities are to better protect and defend, not only their professional environment but their personal one, too.
Your employees may have bad security-related behaviors either acquired on their own or through a lack of organizational focus and discipline. Change is hard, we get it. But in this case, favorably changing employee behaviors by architecting a meaningful and relevant security culture could protect your organization and executives from brand damage, reputational loss, and financial hardship.
Haven’t given it much thought? No worries, KnowBe4 has and we have the research to prove it!
KnowBe4’s Security Culture Report provides an objective and scientific method for assessing, reporting, and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions across the seven dimensions mentioned above.
The Report is the result of data collected from global employees in the following industries: Banking, Business Services, Construction, Consulting, Consumer Services, Education, Energy & Utilities, Financial Services, Government, Healthcare & Pharmaceuticals, Hospitality, Insurance, Legal Manufacturing, Not-for-Profit, Retail & Wholesale, Technology and Transportation.
The Security Culture Report empowers you to better understand the distinct factors that comprise an otherwise forgotten concept. Armed with an understanding of the seven dimensions of culture, you can then begin to evaluate your own organization’s security culture and reduce the risk that you know is coming for you.
Ready to begin the journey? Download the 2022 Security Culture Report from KnowBe4 Research.
Want to measure your own Security Culture? KnowBe4 customers have access to the Security Culture Survey (SCS) in the ModStore Training Library.
© KnowBe4, Inc. All rights reserved. | Legal | Privacy Policy | Terms of Use | Security Statement | Sitemap