[Security Culture Report 2021] A Global Security Culture Perspective During a Pandemic


The 2021 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations' security cultures and surveying more than 320,000 employees across 1,872 organizations worldwide. Security culture is the ideas, customs, and social behaviors of an organization that influence their security.

Security Awareness and Security Culture are two terms that are often times interchangeably used, but actually couldn’t be more conflicting. Where Security Awareness is one’s knowledge of risk, Security Culture encompasses knowledge as a starting point, but also includes 7 additional critical dimensions: attitude, behavior, cognition, communication, compliance, norms, and responsibilities.

While some industries saw security culture stagnate or decline during the pandemic, it was encouraging to see a number of industries use the pandemic as an opportunity to improve.

Some of the most important findings from the report include:

  • NEW this year! A new section gives an in-depth view of the state of specific aspects of security culture.
  • Both the Education and Legal industries improved their security culture scores by several points.
  • The Consumer Services, Construction and Business Services industries decreased their security culture scores by one point.

Consider your own organizational Security Culture for a moment. Does it even exist?

Security Culture focuses on how people are expected to think about and approach a more secure environment. This is when employees internalize what their individual roles and responsibilities are to better protect and defend, not only their professional environment but their personal one, too. Consider it an eye on raising security readiness in order to instinctively act like protective human armor.

Your employees may have bad security-related behaviors either acquired on their own or through a lack of organizational focus and discipline. Change is hard, we get it. But in this case, favorably changing employee behaviors by architecting a meaningful and relevant security culture could protect your organization and executives from brand damage, reputational loss, and financial hardship.

Haven’t given it much thought? No worries, KnowBe4 has, and we have the research to prove it!

KnowBe4’s Security Culture Report provides an objective and scientific method for assessing, reporting, and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions across the 7 dimensions mentioned above.

The Report is the result of data collected from global employees in the following industries: Banking, Business, Services, Construction, Consulting, Consumer Services, Education, Energy & Utilities, Financial Services, Government, Healthcare & Pharmaceuticals, Insurance, Legal, Manufacturing, Not for Profit, Other, Retail & Wholesale, Technology, and Transportation. 

The power of the Security Culture Report is that it helps you better understand the distinct factors that comprise an otherwise forgotten concept. Armed with an understanding of the 7 Dimensions of Culture, you can then begin to evaluate your own organization’s security culture and reduce the risk that you know is coming for you.


Ready to begin the journey? Download the 2021 Security Culture Report Today!

Get the Report

Don't like to click on redirected links? Copy & paste this link into your browser: https://www.knowbe4.com/organizational-cyber-security-culture-research-report

Want to measure your own Security Culture? KnowBe4 customers have access to the Security Culture Survey (SCS) in the ModStore Training Library.

Subscribe To Our Blog

Free Phishing Security Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews