CLTRe-Header

Our new Security Culture Report gives you insight on your industry like never before

Objective scientific method for assessing, reporting and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions.


Security Culture Report 2021—A Global Security Culture Perspective During a Pandemic

The 2021 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations' security cultures and surveying more than 320,000 employees across 1,872 organizations worldwide. Security culture is the ideas, customs, and social behaviors of an organization that influence their security.

Security Awareness and Security Culture are two terms that are often times interchangeably used, but actually couldn’t be more conflicting. Where Security Awareness is one’s knowledge of risk, Security Culture encompasses knowledge as a starting point, but also includes seven additional critical dimensions: attitude, behavior, cognition, communication, compliance, norms, and responsibilities.

While some industries saw security culture stagnate or decline during the pandemic, it was encouraging to see a number of industries use the pandemic as an opportunity to improve.

Some of the most important findings from the report include:

  • NEW this year! A new section gives an in-depth view of the state of specific aspects of security culture.
  • Both the Education and Legal industries improved their security culture scores by several points.
  • The Consumer Services, Construction and Business Services industries decreased their security culture scores by one point.

Get your copy of the report now!

The Security Culture Report 2021

Get the Report


Dimension

Definition

Attitudes

The feelings and beliefs that employees have toward the security protocols and issues

Behaviors

The actions and activities of employees that have direct or indirect impact on the security of the organization

Cognition

Employees’ understanding, knowledge, and awareness of security issues and activities

Communication

The quality of communication channels to discuss security-related topics, promote a sense of belonging, and provide support for security issues and incident reporting

Compliance

The knowledge of written security policies and the extent that employees follow them

Norms

The knowledge of and adherence to unwritten rules of conduct in the organization

Responsibilities

How employees perceive their role as a critical factor in sustaining or endangering the security of the organization


The research provided a security culture score which is a measurement that describes the overall security culture of an organization. By aggregating the scores of organizations in each industry, we can learn how each industry compares across the seven outlined dimensions of security culture. In general, a score below 80 is considered moderate, and a score below 60 is poor to moderate.


CLTRe Report 2021 Inside Pages

Consider your own organizational Security Culture for a moment. Does it even exist?

Security Culture focuses on how people are expected to think about and approach a more secure environment. This is when employees internalize what their individual roles and responsibilities are to better protect and defend, not only their professional environment but their personal one, too. Consider it an eye on raising security readiness in order to instinctively act like protective human armor.

Your employees may have bad security-related behaviors either acquired on their own or through a lack of organizational focus and discipline. Change is hard, we get it. But in this case, favorably changing employee behaviors by architecting a meaningful and relevant security culture could protect your organization and executives from brand damage, reputational loss, and financial hardship.

Haven’t given it much thought? No worries, KnowBe4 has, and we have the research to prove it!

KnowBe4’s Security Culture Report provides an objective and scientific method for assessing, reporting, and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions across the seven dimensions mentioned above.

The Report is the result of data collected from global employees in the following industries: Banking, Business, Services, Construction, Consulting, Consumer Services, Education, Energy & Utilities, Financial Services, Government, Healthcare & Pharmaceuticals, Insurance, Legal, Manufacturing, Not for Profit, Other, Retail & Wholesale, Technology, and Transportation.

The power of the Security Culture Report is that it helps you better understand the distinct factors that comprise an otherwise forgotten concept. Armed with an understanding of the Seven Dimensions of Culture, you can then begin to evaluate your own organization’s security culture and reduce the risk that you know is coming for you.

Ready to begin the journey? Download the 2021 Security Culture Report from KnowBe4 Research.

Want to measure your own Security Culture? KnowBe4 customers have access to the Security Culture Survey (SCS) in the ModStore Training Library.

Get the Report!


Get the latest about social engineering

Subscribe to CyberheistNews