KnowBe4, the provider of security awareness training and simulated phishing platform, has announced a new white paper aimed to prove with data for the first time the correlation between security culture and secure behavior, titled “How Security Culture Invokes Secure Behavior.”
In fact, there is a 52 times difference between the behaviors of credential sharing in the worst class (Poor) and the best class (Good). This means the more focus given to security culture, the greater the likelihood that employees will follow secure practices and adopt more secure behaviors.
This is the most comprehensive study of examining the behavior and security culture, with over 97,000 employees across 1,115 organizations worldwide. KnowBe4 has observed that the link exists between the level of security culture in an organization and the measure of secure behavior of its employees.
“Through this groundbreaking research, we have been able to validate the link between security culture and secure behavior,” said Joanna Huisman, SVP strategic insights and research, KnowBe4. “In this paper, we have outlined actionable steps that organizations can take to help build upon and improve their security culture. These steps outline concrete ways to help build a solid security culture for organizations aiming to be more secure overall.”
In organizations with poor security culture, employees on average enter data in 5.2% of cases of phishing emails which they receive. This percentage significantly declines with increasing security culture. In organizations with good security culture, employees on average enter data in only 0.1% of cases of phishing emails which they receive.
Therefore, an inescapable conclusion from this worldwide study is that more attention is paid to the security culture, the greater the chance of safe behavior of employees.