KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the release of its 2024 Security Culture Report. The report examines how cybersecurity measures related to the human element affect organisations and the way people act and feel at work.
KnowBe4 defines ‘security culture’ as the ideas, customs and social behaviours that influence an organisation’s security and reduce human risk. Security culture is best understood as the collective mindset, practices and norms that shape how an organisation approaches and prioritises security.
KnowBe4’s latest Security Culture Report reveals the overall security culture score globally stands at (72) a low-moderate level, and a measure based on seven different dimensions of security culture (Attitudes, Behaviours, Cognition, Communication, Compliance, Norms and Responsibilities) across regions and industries worldwide. This was unchanged from the prior year.
However, looking to Asia, the analysis reveals only a few countries and industries within the region reach the global average, pointing to a widespread lack of awareness and appreciation for the importance of security culture. In 2024 Singapore recorded a security awareness score of (72), Malaysia (71), Indonesia (65), Philippines (71), and Thailand (68). The region continues to trail Europe (73) and North America (73). The report emphasises the need for organisations in the region to invest in internal security awareness programs and collaborate to improve their overall cybersecurity posture.
Across Asia, the leading industries with a security culture score over 73 are highly regulated. They are Government (74), Energy and Utilities (74), and Banking (74). At the other end of the spectrum, industries with low-security culture scores include Construction and Legal (68 for both) and Education (69). These industries are advised to focus on areas of improvement within the seven distinct security culture dimensions if they are to make a positive impact moving forward.
Globally, organisations recognise that employees are a key defence against cyberattacks and that leadership needs to adopt a top-down approach to build a strong security culture. The research highlights that organisations in Asia generally exhibit lower cybersecurity behaviour scores compared to the global average regardless of size, and they also tend to score lower on compliance measures. This trend may translate into a weaker overall cybersecurity stance, with employees being less inclined to follow security guidelines or to act in a secure manner.
KnowBe4’s Dr. Martin Kraemer – Security Awareness Advocate is concerned: “Asia’s rapid digital growth, coupled with a strong manufacturing sector and a surge of new tech users, have created a digital landscape increasingly vulnerable to cyberattacks. Building and maintaining a robust security culture is no longer a luxury, but a critical business imperative. As cyberattacks continue to evolve, it’s essential for all industries, particularly those heavily targeted by cybercriminals, to prioritise this investment. By focusing on initiatives that address human-based risks, organisations can significantly strengthen their overall cybersecurity posture.” .
The report addresses AI garnering significant attention but not yet impacting the nature of cyberattacks. While bad actors may exploit AI to create sophisticated social engineering tactics, the foundational structure of cyberattacks remains unaltered. This is because attacks will follow the same core formula of social engineering, armed with more efficient tools such as deepfakes and dramatically improved translations. As a result, defences against these cyberattacks would follow a consistent formula of watching out for traditional signs of social engineering. Therefore, using AI’s potential to train individuals and enhance defensive measures is a strategic necessity against cybercrime.
To download a copy of KnowBe4’s 2024 Security Culture Report, visit here. KnowBe4 also offers a Security Culture How-To Guide which provides steps and a checklist for organisations to define, build and foster a strong security culture.
