Security Culture Influenced by the Global Effects of COVID-19

CLTRe-2021-SocialIn the Industry Benchmark section of the 2021 Security Culture Report, we describe the security culture scores of each industry sector in detail. This section of the report can be used to get a deep dive into specific industries, and as a benchmark to compare your own scores against those of different industry sectors.

Detailed analysis shows that the majority of all analyzed organizations managed to develop a mediocre or moderate security culture, while only a small portion of organizations have a good security culture. The mean and median of the total security culture score is 73:

Security Culture Survey


Alarmingly, a few organizations are scoring in the Poor bracket and no organizations have reached an Excellent security culture score yet:

Security Culture Index

Which Industries Have the Best and Worst Security Cultures?

Security culture across the industries varies. Again, the 2021 Security Culture Report reveals a gap between the best performers and the poor performers:

Security Industry Benchmark

The best performers are Financial Services and Banking, two industries with a long tradition of managing risk. However, being a “best performer” doesn’t necessarily equate to having performed at a desirable level. For instance, a score of 76, as seen by Banking and Financial Services, is well below a Good security culture, and these industries shouldn’t be too quick to congratulate themselves.

Research into how security culture influences credential sharing shows that moving from one security culture class to another is directly correlated to risk. By improving from the current class of Moderate to the next class of Good security culture, these industries see an eight-fold reduction of employees sharing credentials:

Change in Mean Risky Behavior

The worst performers were Education and Construction. Even though Education is still at the bottom of the list, this industry has shown a significant improvement compared to earlier years and is now demonstrating Moderate security culture.

Unlike the Education industry, Construction experienced a drop in their security culture during the pandemic. Other industries with a reduction in security culture are the Consumer Services industry, with a new score of 72, and Business Services, with a new score of 74.

Suffering from Chaos and Confusion

A comparison to last year's results reveals which industries triumphed and which languished. As already mentioned, Construction, Consumer Services and Business Services saw their overall Security Culture Benchmark figure drop one point lower this year. The COVID-19 pandemic has caused chaos and confusion for many.

Numerous organizations have had to make tough financial decisions and a global reduction in workforce in these industries may explain why we see a decline in security culture in these three industries.

The chart, below left, shows the change in security culture within the Business Services industry (-1) which has traditionally shown a relatively high score, making this change somewhat surprising. You also can see a breakdown of this score across the seven dimensions, below right, to reveal its security culture strengths and weaknesses.

Chart Score

Embracing Digital Transformation

On a brighter note, even if some users seem to struggle with transforming their business digitally, the adoption of technology is showing an improved security culture in other industries. The report reveals two industries that saw positive changes in their security culture.

With a score of 70 (shown below left), Education is two points up from last year. This improvement may be explained by education being moved from classrooms to virtual settings due to the COVID-19 pandemic and the associated technology systems and training changes. Below right, you can see how the Education sector scores across the seven dimensions to see this industry's security culture strengths and weaknesses.

KnowBe4 Score


The Legal industry also increased their score by two points. Again, digital transformation may explain this improvement as many legal processes and procedures have moved online. In addition, this industry has had an increased demand for cybersecurity and privacy lawyers due to the increase in cyber attacks. Legal practices that facilitate the collection and protection of data have thrived.

What is Security Culture?

Security culture is the ideas, customs and social behaviors that impact an organization’s security. In information security culture, we look at how the cultural aspects influence the information management. In cybersecurity culture, the focus is on the part of information management that uses cyber technology to create, manipulate or store information and data.

The purpose of the security culture survey and the Security Culture Report is to provide an objective scientific method for assessing, reporting and comparing the relative information security culture‑related strengths and weaknesses of individuals, organizations, industry sectors, regions and more.

Results from this year’s Security Culture Report reveal that 2020 was heavily influenced by the global effects of COVID-19. We see pandemic-related ripples within some of the year-over-year changes detected in security culture. 

Security Culture Report 2021—A Global Security Culture Perspective During a Pandemic

CLTRe-2021-FannedThe 2021 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations' security cultures and surveying more than 320,000 employees across 1,872 organizations worldwide. Security culture is the ideas, customs, and social behaviors of an organization that influence their security.

While some industries saw security culture stagnate or decline during the pandemic, it was encouraging to see a number of industries use the pandemic as an opportunity to improve.

Some of the most important findings from the report include:

  • NEW this year! A new section gives an in-depth view of the state of specific aspects of security culture.
  • Both the Education and Legal industries improved their security culture scores by several points.
  • The Consumer Services, Construction and Business Services industries decreased their security culture scores by one point.

Get the Report

Don't like to click on redirected links? Copy & paste this link into your browser:

Return To KnowBe4 Security Blog

Subscribe To Our Blog

Free Phishing Security Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews