In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organisations across 24 countries. There was a total of 17 industry sectors examined in detail and results revealed a large gap between the best performers and the poor performers when it comes to security culture. Only 7% of the analysed organisations have demonstrated a good security culture. The majority, 92%, were found to have developed a moderate security culture.
The study carried out by KnowBe4’s newly formed research arm, showed that the best performers were from Banking, Financial Services, and Insurance and the worst performers were from Education, Transportation and Energy & Utilities sectors.
It also highlighted that while 94% of organisations agreed that security culture is important, a universal meaning of the term has not yet been defined. However, in this particular industry comparison report, all industries were compared according to their security culture scores and across each of the seven dimensions that CLTRe – the research company that KnowBe4 acquired last year – measures: Attitudes, Behaviours, Cognition, Communication, Compliance, Norms and Responsibilities of security culture.
“Both KnowBe4 and CLTRe were founded because the human element of security awareness was underserved,” explained Kai Roer, managing director for CLTRe, a KnowBe4 company. “Culture can significantly affect an organisation’s security. With this survey, we aim to provide the most comprehensive study of cybersecurity culture-related data. No other organisation has taken this unique approach to evaluating security culture using seven different dimensions across multiple industries.”
Perry Carpenter, chief evangelist and strategy officer for KnowBe4 and a former Gartner analyst who now heads this new division, added, “We created KnowBe4 Research as a special projects division. Our mission is to provide IT and security leaders with high quality, vendor neutral data-driven insights related to cybersecurity and the human element.”
To download a copy of the KnowBe4 Security Culture Report, visit https://www.knowbe4.com/organizational-cyber-security-culture-research-report