2024 Security Culture Report from KnowBe4


We’re thrilled to announce the release of the 2024 Security Culture Report from our partners at KnowBe4. This annual report dives deep into how security measures affect organizations and the way employees act and feel at work.

The 2024 report delivers insights from over 800,000 employees in 4,078 organizations across 18 industries – the largest effort to date. 

Before we get into the report’s results, let’s take a look at what it is measuring.

What is Security Culture?


KnowBe4 defines “security culture” as the ideas, customs and social behaviors that influence an organization’s security and reduce human risk. Security culture is best understood as the collective mindset, practices and norms that shape how an organization approaches and prioritizes security.

Assessing an organization’s security culture includes evaluations of the following dimensions:

  • Attitudes
  • Behaviors
  • Cognition
  • Communication
  • Compliance
  • Norms
  • Responsibilities

Based on the evaluations above, organizations are placed within the following index:

Image shows the security culture index scale

Security Culture Results

In 2024, the overall security culture score globally stands at 72 (low to moderate), unchanged from the prior year. As one would expect, smaller organizations tend to have higher scores because it is far easier to change the culture of a smaller group than a larger one.

In fact, of the seven security dimensions measured in KnowBe4’s research, “Behaviors” was the only one in which large organizations scored higher than others. Globally there seems to be less understanding, knowledge, and awareness of security, as well as less responsibility. 

While there is a great deal of variance depending on geographical location, organization size, and industry, the sobering fact is that there is much work still to be done in order to raise the standard in culture.

Takeaways from Around the World

  • In Africa, the average score is 72 (same as the prior year) for the assessed organizations from 20 countries across Africa.
  • In Asia, a wide variation of security culture scores exists. Notably, the Middle East and East Asia exhibit a higher degree of maturity in their security cultures compared to their counterparts in Central, South, and Southeast Asia.
  • In Europe, security culture exhibits significant variation in understanding and adoption across industries, with a general trend toward increased awareness in highly digitized sectors.
  • In North America, Financial organizations and those that handle large sums of money continue to lead the charge simply because the stakes are so high. Unfortunately, Government, Manufacturing, and Education represented some of the lowest scores despite being some of the biggest targets, including for ransomware.
  • Security culture in Oceania has increased year over year as a topic of interest in the region with a welcome addition of business units outside of IT, such as HR, at the table.
  • For South America, the overall score is categorized as low to moderate, standing at 71. It’s important to highlight that the sample sizes from various South American countries are small, indicating a general lack of fundamental security measures within numerous organizations.

How Healthy is Your Law Firm’s Security Culture?

As a law firm leader, you can leverage the data from this report to ensure necessary investment dollars are allocated to the most critical part of your firm’s security infrastructure: the human layer.

Your employees’ knowledge, beliefs, values, and behaviors will make the difference between protection and breach. That’s why focusing on security culture is so important. An organization’s employees are at the center of everything; they can either be easy prey, or they can become an effective human layer of defense.

“The growing understanding of the essential role that security culture plays within any successful organization is encouraging,” said Stu Sjouwerman, CEO, KnowBe4. “However, this is an ongoing process and building and maintaining a strong security culture is not a luxury, but a business necessity. It is critical for all industries, especially those heavily targeted by cybercriminals, to prioritize security culture and invest appropriately, particularly in reducing human-based risk.”

If you would like to assess your law firm’s security culture, contact Savvy today.
