Global Trends In Security Culture

Global Trends In Security Culture

The largest study of its kind, surveying more than 530,000 employees across 2,910 organizations worldwide

KnowBe4 Research

Sausalito, Calif. – Dec. 29, 2022

Download the 2022 Security Culture Report

The 2022 Security Culture Report (SCR) is the largest, globally recognized research into security awareness, behavior and culture available. The SCR, published by KnowBe4, offers unique insights which allow organizational leaders to better understand how employees view security within their organizations. This information is also leveraged by business leaders to ensure necessary investment dollars are allocated to the most critical part of the security infrastructure: the human element.

The SCR provides a number of key resources essential in understanding and measuring an organization’s security culture.

A Standard Way to Measure and Report

This report uses the globally recognized Security Culture Index. The use of a standard index offers direct value by allowing the reader to compare the information presented in a meaningful way.

The index ranges are as follows:

  • 90 up to 100 Excellent
  • 80 up to 89 Good
  • 70 up to 79 Moderate
  • 60 up to 69 Mediocre
  • 0 up to 59 Poor

To identify where on the index an organization belongs, the Security Culture Survey (SCS) is used. Leveraged by 2,910 companies worldwide, the SCS is the most comprehensive measurement instrument available to assess an organization’s security culture.

The Global Pandemic Improved Security Culture

The impact of the global pandemic showed that while some industry sectors have reduced their security culture significantly, others have improved. The most significant finding is that no industry is found to have Poor or Mediocre security culture scores. Although all industry sectors have a security culture that is considered Moderate, many of the industries include organizations that have been rated as Good.

Security Culture Varies Around the World

Our results show that some regions and countries are reporting a much better security culture than others. A notable example is the United States of America, which generally trends higher on all aspects of security culture compared to other countries. Behind the USA is Europe, which has a much larger variation in security culture between countries, which results in a lower average. Africa, Asia and South America generally show a lower security culture, suggesting that more work is needed.

Board Level Concern

Security culture has garnered attention from board-level executives. The SCR provides all levels of executives, management and practitioners with the necessary context and data to help navigate the complexity of security within their own organization. In the ever-increasing landscape of social engineering, and the challenge that the human factors bring to any organization today, it is critical that top-level management understand the risk and the impact that security awareness, behaviors and culture have.

Defining Security Culture

It is important to note that the phrase “security culture” is beginning to find its way into the lexicon of security leaders. CISOs and security executives now commonly cite security culture as being a critical element of their security posture. But there is a problem — security leaders have vastly different definitions of security culture, meaning that they do not really know what they are all in agreement about.

We define security culture as the ideas, customs and social behaviors that influence an organization’s security. A common definition makes it possible to discuss the same thing, in the same way. We all know that if you do not measure something, that something does not exist.

Download the 2022 Security Culture Report

KnowBe4 Research

About KnowBe4 Research

As the dedicated research arm of KnowBe4, KnowBe4 Research is committed to the creation of world-class research into security awareness, behaviors and culture. By combining and analyzing datasets from the Security Culture Survey with behavior data, knowledge tests and training content consumed by millions of employees, KnowBe4 Research dives deep into how organizations can best reduce their risks. KnowBe4 Research works with billions of data points and uses proven scientific methods to analyze, understand and improve security awareness, behavior and culture.

Source link