Security Culture Report Finds a Large Gap Exists Between the Best and Worst Performers for Security Culture


In this week’s podcast episode we talk with Perry Carpenter, Chief Evangelist, and Strategy Officer with KnowBe4. We discuss KnowBe4’s new research arm, KnowBe4 Research, and their recently released Security Culture Report.

In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organizations across 24 countries. There were a total of 17 industry sectors examined in detail. Results from this year’s report revealed a large gap between the best performers and the poor performers when it comes to security culture. The best performers were from Banking, Financial Services, and Insurance and the worst performers were from Education, Transportation, and Energy & Utilities.

Perry Carpenter (author of, “Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors” from Wiley Publishing) currently serves as Chief Evangelist and Strategy Officer for KnowBe4, the provider of the world’s largest security awareness and simulated phishing platform.

Carpenter holds a Master of Science in Information Assurance (MSIA) from Norwich University and is a Certified Chief Information Security Officer (C|CISO).

Click the image below to listen to this episode on Brilliance Security Magazine Podcast.

In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organizations across 24 countries. There were a total of 17 industry sectors examined in detail. Results from this year’s report revealed a large gap between the best performers and the poor performers when it comes to security culture. The best performers were from Banking, Financial Services, and Insurance and the worst performers were from Education, Transportation, and Energy & Utilities.

Security culture varies across industries. In the industry comparison report, all industries were compared according to their security culture scores and across each of the seven dimensions (Attitudes, Behaviors, Cognition, Communication, Compliance, Norms, and Responsibilities) of security culture.

Download a copy of the report here.


Steven Bowcut, CPP, PSP is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Facebook, Instagram, and LinkedIn.