New KnowBe4 Study Finds Leaders Value Strong Security Culture But Struggle to Define and Implement It

The Rise of Security Culture study by independent research firm finds 94% of respondents said
security culture is important for business success

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of a new commissioned study conducted by Forrester Consulting on behalf of KnowBe4 titled “The Rise of Security Culture.”The-Rise-Of-Security-Culture-Whitepaper-1

In November 2019, KnowBe4 commissioned Forrester Consulting to evaluate security culture across global enterprises. Forrester conducted an online survey with 1,161 respondents who have managerial duties, or higher, in security or risk management. The study found that leaders know the value of a strong security culture but are struggling to define and implement with the speed of the market.

“KnowBe4 has the most data on security culture of any organization globally and this is the beginning of our efforts to develop even more research related to security culture,” said Perry Carpenter, chief evangelist and strategy officer, KnowBe4. “It’s our goal to help security leaders understand not only the nuances related to what security culture actually entails, but also to provide practical strategies for understanding how their security culture compares to that in other organizations, and what they can do to elevate their culture.”

“As someone who has built an entire organization based on security culture, I can appreciate many of the facets of building and maintaining a successful security culture within an organization,” said Kai Roer, security culture advocate, KnowBe4 and managing director, CLTRe. “This study has shown us that a strong security culture is a business priority that leaders are still working to accurately define. Perhaps the most surprising finding from the study was that business principles, not risk mitigation, are the main motivation for building a strong security culture.”

Key findings include:

  • Security culture is a business priority, with 94% of respondents saying it is important for business success.
  • Security culture is not universally defined. Respondents were split into five different groups, all with similar, but different, definitions of security culture.
  • Decision makers are overconfident in their current security cultures. 92% of security leaders said they have embedded security culture in their organizations; however, these same leaders are still experiencing security incidents and have yet to merge their security strategies with their overall business strategies.
  • Strong security culture will yield high customer satisfaction. 63% percent of respondents expect an increase in customer trust as a result of a strong security culture, and over half expect it to increase their brands’ value.

To download a copy of The Rise of Security Culture study, visit

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 32,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.

Return To KnowBe4 Press Releases

Get the latest about social engineering

Subscribe to CyberheistNews