-

New KnowBe4 Report Finds Security Culture Gaining Momentum in North American Organizations

More organizations are embedding cybersecurity initiatives beyond technological controls and recognizing that people form an important part in creating a strong security culture

TAMPA BAY, Fla.--(BUSINESS WIRE)--KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the release of its 2024 Security Culture Report. The report examines how cybersecurity measures related to the human element affect organizations and the way people act and feel at work.

KnowBe4 defines “security culture” as the ideas, customs and social behaviors that influence an organization’s security and reduces human risk. Security culture is best understood as the collective mindset, practices and norms that shape how an organization approaches and prioritizes security.

KnowBe4's latest Security Culture Report reveals that the overall security culture score globally stands at a low-moderate level, unchanged from the prior year. Organizations recognize that employees are a key defense against cyberattacks and that leadership needs to adopt a top-down approach to build a strong security culture. The report shows that smaller organizations are performing better in their overall security culture compared to larger counterparts, primarily because larger organizations often struggle with efficient leadership communication due to their size, whereas in smaller organizations, individuals feel more responsible for security.

The 2024 report shows that organizations in the insurance, financial services, and banking industries are top performers in security culture in the U.S. and lead the charge due to the high-risk nature of their operations. These industries have been targets of traditional cybercrime for decades, therefore they have sustained a strong emphasis on security culture. On the other side of the spectrum, despite being prime targets, government, manufacturing, and education sectors are struggling to uphold adequate standards and may have contributed to a small dip in the overall security culture score in North America compared to the previous year. This is largely attributed to resource constraints in those sectors that limit their ability to counter cyber threats effectively.

"The growing understanding of the essential role that security culture plays within any successful organization is encouraging,” said Stu Sjouwerman, CEO, KnowBe4. “However, this is an ongoing process and building and maintaining a strong security culture is not a luxury, but a business necessity. It is critical for all industries, especially those heavily targeted by cybercriminals, to prioritize security culture and invest appropriately, particularly in reducing human-based risk."

The report addresses AI garnering significant attention but not yet impacting the nature of cyberattacks. While bad actors may exploit AI to create sophisticated social engineering tactics, the foundational structure of cyberattacks remains unaltered. This is because attacks will follow the same core formula of social engineering, armed with more efficient tools such as deepfakes and dramatically improved translations. As a result, defenses against these cyberattacks would follow a consistent formula of watching out for traditional signs of social engineering. Therefore, using AI's potential to train individuals and enhance defensive measures is a strategic necessity against cybercrime.

To download a copy of KnowBe4’s 2024 Security Culture Report, visit here. KnowBe4 also offers a Security Culture How-To Guide which provides steps and a checklist for organizations to define, build and foster a strong security culture.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Contacts

Amanda Tarantino
amandat@knowbe4.com

More News From KnowBe4

KnowBe4 Research Finds Global Phishing Susceptibility Drops 79% After One Year of Security Awareness Training

TAMPA BAY, Fla.--(BUSINESS WIRE)--KnowBe4, the global leader in digital workforce security, securing both AI agents and humans, today released its 2026 Phishing by Industry Benchmarking Report, revealing that organizations can reduce phishing susceptibility by 79% after one year of consistent security awareness training (SAT), despite a threat landscape increasingly powered by artificial intelligence. The report analyzed 42 million phishing simulations across 14.8 million users at 64,000 organi...

KnowBe4 Announces Workforce Security Summit to Address AI-Native Threats and Securing Digital Workforces

TAMPA BAY, Fla.--(BUSINESS WIRE)--KnowBe4, the global leader in digital workforce security, securing both AI agents and humans, today announced its upcoming Workforce Security Summit. The global virtual event is designed to help organizations modernize their security strategies for an era where the corporate workforce is no longer purely human, but comprised of both human employees and AI agents. As attackers rapidly weaponize deepfakes, voice cloning, and AI-powered phishing, traditional defen...

Over Half of British Employees Are Currently Using ‘Unapproved’ AI Tools at Work, KnowBe4 Research Finds

LEEDS, England--(BUSINESS WIRE)--KnowBe4, the global leader in digital workforce security, securing both AI agents and humans, has today revealed the UK-specific findings of its latest research report: From Agentic Risk to Human Wins. The research found that UK organisations are increasingly concerned about employees using unapproved software and AI tools, with 58% of decision makers citing it as their top human-related cyber risk. The concern is well founded: 55% of employees admit to using un...
Back to Newsroom