Kai Roer (author of “Build a Security Culture” by publisher IT-Governance) has over 25 years of experience in cybersecurity, with much of his expertise centered around security culture. He is currently managing director of CLTRe, a KnowBe4 company, and managing director of KnowBe4 Research where he is responsible for security culture research. Prior to founding CLTRe, Roer created the global de facto standard Security Culture Framework. His groundbreaking research into security culture metrics provides organisations worldwide with deep insights into the human factors that influence risk and security. Roer is an award-winning specialist on security behaviors and security culture as well as a best-selling author. He is the host of the videocast Security Culture TV and an avid blogger. Roer keynotes at events around the world. He belongs to the Norway Chapter of the Cloud Security Alliance.
This talk is based on the latest research from KnowBe4 Research and CLTRe, a KnowBe4 company. The latest study analyzes 97,661 employees in 1,115 organizations worldwide. The findings reveal that organizations with improved security culture see significantly fewer risky security behaviors.
Actions such as opening phishing emails, clicking on malicious links, and unintentional credential sharing are all reduced when an organization’s security culture score improves.
As organizations improve their security culture, the risky behaviors of their employees are significantly reduced. For example, organizations with Poor Security Culture (5.2% of employees enter data) have 52 times as many risky behaviors as organizations classed as having Good Security Culture.
These findings provide very important reasons to focus on improving security culture in organizations. The authors recommend that organizations work to improve their security culture and that they measure the progress. They also suggest a number of actions that can be taken to move to a better security culture class.