29 Dec Global Trends In Security Culture
in Blogs, Videos
The largest study of its kind, surveying more than 530,000 employees across 2,910 organizations worldwide
– KnowBe4 Research
Sausalito, Calif. – Dec. 29, 2022
Download the 2022 Security Culture Report
The 2022 Security Culture Report (SCR) is the largest, globally recognized research into security awareness, behavior and culture available. The SCR, published by KnowBe4, offers unique insights which allow organizational leaders to better understand how employees view security within their organizations. This information is also leveraged by business leaders to ensure necessary investment dollars are allocated to the most critical part of the security infrastructure: the human element.
The SCR provides a number of key resources essential in understanding and measuring an organization’s security culture.
A Standard Way to Measure and Report
This report uses the globally recognized Security Culture Index. The use of a standard index offers direct value by allowing the reader to compare the information presented in a meaningful way.
The index ranges are as follows:
- 90 up to 100 Excellent
- 80 up to 89 Good
- 70 up to 79 Moderate
- 60 up to 69 Mediocre
- 0 up to 59 Poor
To identify where on the index an organization belongs, the Security Culture Survey (SCS) is used. Leveraged by 2,910 companies worldwide, the SCS is the most comprehensive measurement instrument available to assess an organization’s security culture.
The Global Pandemic Improved Security Culture
The impact of the global pandemic showed that while some industry sectors have reduced their security culture significantly, others have improved. The most significant finding is that no industry is found to have Poor or Mediocre security culture scores. Although all industry sectors have a security culture that is considered Moderate, many of the industries include organizations that have been rated as Good.
Security Culture Varies Around the World
Our results show that some regions and countries are reporting a much better security culture than others. A notable example is the United States of America, which generally trends higher on all aspects of security culture compared to other countries. Behind the USA is Europe, which has a much larger variation in security culture between countries, which results in a lower average. Africa, Asia and South America generally show a lower security culture, suggesting that more work is needed.
Board Level Concern
Security culture has garnered attention from board-level executives. The SCR provides all levels of executives, management and practitioners with the necessary context and data to help navigate the complexity of security within their own organization. In the ever-increasing landscape of social engineering, and the challenge that the human factors bring to any organization today, it is critical that top-level management understand the risk and the impact that security awareness, behaviors and culture have.
Defining Security Culture
It is important to note that the phrase “security culture” is beginning to find its way into the lexicon of security leaders. CISOs and security executives now commonly cite security culture as being a critical element of their security posture. But there is a problem — security leaders have vastly different definitions of security culture, meaning that they do not really know what they are all in agreement about.
We define security culture as the ideas, customs and social behaviors that influence an organization’s security. A common definition makes it possible to discuss the same thing, in the same way. We all know that if you do not measure something, that something does not exist.
Download the 2022 Security Culture Report
– KnowBe4 Research
About KnowBe4 Research
As the dedicated research arm of KnowBe4, KnowBe4 Research is committed to the creation of world-class research into security awareness, behaviors and culture. By combining and analyzing datasets from the Security Culture Survey with behavior data, knowledge tests and training content consumed by millions of employees, KnowBe4 Research dives deep into how organizations can best reduce their risks. KnowBe4 Research works with billions of data points and uses proven scientific methods to analyze, understand and improve security awareness, behavior and culture.