KnowBe4: Security culture gaining momentum in North American organizations

March 26, 2024
Organizations recognize that employees are a key defense against cyberattacks and that leadership needs to adopt a top-down approach to build a strong security culture.

KnowBe4 today announced the release of its 2024 Security Culture Report. The report examines how cybersecurity measures related to the human element affect organizations and the way people act and feel at work.

KnowBe4 defines “security culture” as the ideas, customs and social behaviors that influence an organization’s security and reduce human risk. Security culture is best understood as the collective mindset, practices and norms that shape how an organization approaches and prioritizes security.

KnowBe4's latest Security Culture Report reveals that the overall security culture score globally stands at a low-moderate level, unchanged from the prior year. Organizations recognize that employees are a key defense against cyberattacks and that leadership needs to adopt a top-down approach to build a strong security culture.

The report shows that smaller organizations are performing better in their overall security culture compared to larger counterparts, primarily because larger organizations often struggle with efficient leadership communication due to their size, whereas in smaller organizations, individuals feel more responsible for security.

The 2024 report shows that organizations in the insurance, financial services, and banking industries are top performers in security culture in the U.S. and lead the charge due to the high-risk nature of their operations. These industries have been targets of traditional cybercrime for decades and have therefore sustained a strong emphasis on security culture.

On the other side of the spectrum, despite being prime targets, government, manufacturing, and education sectors are struggling to uphold adequate standards and may have contributed to a small dip in the overall security culture score in North America compared to the previous year. This is largely attributed to resource constraints in those sectors that limit their ability to counter cyber threats effectively.

“The growing understanding of the essential role that security culture plays within any successful organization is encouraging,” said Stu Sjouwerman, CEO, KnowBe4. “However, this is an ongoing process and building and maintaining a strong security culture is not a luxury, but a business necessity. It is critical for all industries, especially those heavily targeted by cybercriminals, to prioritize security culture and invest appropriately, particularly in reducing human-based risk.”

The report notes that AI is garnering significant attention but is not yet impacting the nature of cyberattacks. While bad actors may exploit AI to create sophisticated social engineering tactics, the foundational structure of cyberattacks remains unaltered. This is because attacks will follow the same core formula of social engineering, armed with more efficient tools such as deepfakes and dramatically improved translations.

As a result, defenses against these cyberattacks would follow a consistent formula of watching out for traditional signs of social engineering. Therefore, using AI's potential to train individuals and enhance defensive measures is a strategic necessity against cybercrime.

To download a copy of KnowBe4’s 2024 Security Culture Report, visit here. KnowBe4 also offers a Security Culture How-To Guide which provides steps and a checklist for organizations to define, build and foster a strong security culture.