Security culture ‘improved overall’ in past three years

Global findings from the 2022 Security Culture Report indicate that large organisations reported better attitudes and behaviours than smaller organisations regarding security culture, yet small organisations scored better on all other dimensions of security culture, according to KnowBe4.

The report covers responses from more than 257,000 employees in 1,456 organisations around the world who are also KnowBe4 customers.

Findings shows that in Asia, organisational size is a smaller factor than in some other regions.

With the exception of Medium organisations on the Attitudes and Behaviours dimensions, KnowBe4 saw that the organisational size has little impact on security culture. The company clarified that their findings may be skewed due to the comparably small sample size of 39 organisations and 15,095 employees across the continent.

In Asia, a wide variation of security culture scores across nations exists. While Japan is doing reasonably well, countries like Malaysia and Indonesia show an alarmingly low security culture index score.

“Security culture involves how people think about and approach a more secure environment and this report focuses on those key elements,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. 

Carpenter said that in the new trend data, which looked at security culture over the last two to three years, security culture has improved across regions and industries overall. 

“This was the most promising finding from our research and emphasizes that security culture should be viewed as a critical asset used to reduce risk and improve security,”

Further, KnowBe4’s recommendations for continuous security awareness training and simulated phishing assessments as well as measurement tools the organisation offers such as the Security Culture Survey are contributing toward creating a stronger security culture across the globe.”