The contribution below is from an external party. The editors are not responsible for the information provided.
A new report from KnowBe4 shows that the behavior with which employees influence the online security of their organization varies greatly within Europe. With a score of 73 on a scale of 100 points, Europe has a global average score on this so-called ‘Security Culture Index’. The Netherlands even scores below average with 69 points. Although employees in some organizations are well informed about the process side of the security strategy, this is not the case for many organizations
What is security culture?
Security culture is defined as “the ideas, practices, and social behaviors of a group that influence the security of an organization.” The strength of an organization’s security culture is determined by the seven dimensions: attitude, behavior, knowledge, communication, compliance, standards and responsibilities. The Security Culture Index (SCI) score is awarded on this basis. An SCI of 0 – 59 is poor, 60 – 69 is poor, 70 – 79 is average, 80 – 89 is good and 90 – 100 is excellent. The European dataset for the KnowBe4 2023 survey was collected from a total of 673 organizations and 162,688 individuals.
Less knowledge and communication, but more proactivity
Compared to global organizations, European employees have, on average, less knowledge about security policies and the extent to which they must follow certain guidelines (compliance dimension). In addition, there is less understanding, knowledge and awareness of security-related matters and activities (knowledge dimension). European organizations also score worse in the field of communication. This dimension can be strengthened by improving communication channels and encouraging open and direct communication, which also has a positive effect on the compliance and knowledge dimensions.
Organization size determines security culture
Strikingly enough, European respondents in medium-sized and small organizations demonstrate safer behavior than people who work at larger (global) organizations. The report shows that employees are more likely to act directly or indirectly in ways that improve the safety of their organization. This may be because communication is perceived as better, there is a stronger sense of connection and there is more support for security issues. In such proactive security cultures, employees recognize that safe behavior goes beyond simply participating in phishing simulations. Employees are intrinsically motivated to make a positive contribution to the security position of their organization.
“Although there is a notable upward trend in security awareness within Europe’s most digitalized sectors, the understanding and implementation of security culture varies greatly from country to country. It is clear that many organizations are still lagging behind in setting up an efficient security culture. Addressing obstacles in organizations where cybersecurity is not recognized as a joint effort of all departments is therefore necessary,” says Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4.
Click here for a copy of KnowBe4’s 2024 Security Culture Report.
Tags: KnowBe4 research knowledge online security Netherlands
