Global findings from the 2022 Security Culture Report indicate that large organizations reported better attitudes and behaviors than smaller organizations regarding security culture, yet small organizations scored better on all other dimensions of security culture
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its research arm, KnowBe4 Research, has launched the 2022 Security Culture Report, which looked at trends in security culture for the first time, finding that security culture worldwide has improved overall.
Security culture is the ideas, customs and social behaviors of an organization that influence their security. The 2022 KnowBe4 Security Culture Report looked at the seven different dimensions of security culture (Attitudes, Behaviors, Cognition, Communication, Compliance, Norms and Responsibilities) across regions and industries worldwide.
Key findings from the report include:
- In Africa, there is a tradition and interest in security culture, especially in South Africa, where a higher level of security culture was achieved.
- In Asia, a wide variation of security culture scores across nations exists. While Japan is doing reasonably well, countries like Malaysia and Indonesia show an alarmingly low security culture index score.
- In Europe, both Sweden and Ireland are often considered as technologically advanced. Along with these two countries, Italy and Bulgaria also had higher security culture scores.
- In the USA, differences in security culture exist based on organizational size, where small organizations are outperforming larger organizations.
- Security culture in Oceania is showing that Australia and New Zealand are quite different from each other, and neither is doing particularly well.
- Central and South America are now beginning to measure security culture, with more countries from these regions added every year.
“Security culture involves how people think about and approach a more secure environment and this report focuses on those key elements,” said Perry Carpenter, chief evangelist and strategy officer, KnowBe4. “In the new trend data, which looked at security culture over the last two to three years, security culture has improved across regions and industries overall. This was the most promising finding from our research and emphasizes that security culture should be viewed as a critical asset used to reduce risk and improve security. Further, KnowBe4’s recommendations for continuous security awareness training and simulated phishing assessments as well as measurement tools the organization offers such as the Security Culture Survey are contributing toward creating a stronger security culture across the globe.”
The 2022 Security Culture Report includes responses from more than 530,000 employees in 2,910 organizations around the world who are also KnowBe4 customers and have completed the Security Culture Survey. To download the 2022 KnowBe4 Security Culture Report, visit https://www.knowbe4.com/organizational-cyber-security-culture-research-report.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 50,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.