The Security Culture Survey

Measure security culture within your organization

Building a strong and positive security culture is an effective mechanism to influence your users’ behavior and thereby reduce your organization’s risk. Organizations with better security culture are significantly less (up to 52X less) likely to get phished.

Built following a strict and rigorous scientific methodology, the Security Culture Survey is a standardized assessment to measure an organization’s security culture and identify areas for improvement.

Security culture can be defined as the ideas, customs and social behaviors that impact the security of your organization.

The Security Culture Survey (SCS) can help you answer questions like:

  • Does my organization care about security?
  • Which areas of the business are least/most security-minded?
  • Which employees are most risk-averse?
  • How strong or weak is our security culture?
  • In what part of our organization do we need to improve security culture?
  • How effective is our security culture program?

In addition to answering operational questions like those above, the SCS provides you with a KPI for reporting your organization’s security posture to the board.



The Security Culture Survey was created with social scientific methods and principles



Pinpoint key areas for improvement by measuring precise insights to your security culture throughout your organization



Best practice is to survey your users after their first 90 days of employment, followed by an ongoing assessment once per year for all users



Your users take the survey assessment just like training through the KnowBe4 Learning Experience interface they are already familiar with

The Seven Dimensions of Security Culture

The Security Culture Survey measures the sentiments of your users towards security in your organization – the psychological and social aspects that drive social behavior. Specifically, the SCS measures seven dimensions of security culture which include:

  • ATTITUDES - The feelings and beliefs that employees have toward the security protocols and issues.
  • BEHAVIOR - The actions and activities of employees that have direct or indirect impact on the security of the organization.
  • COGNITION - The employees’ understanding, knowledge and awareness of security issues and activities.
  • COMMUNICATION - The quality of communication channels to discuss security-related events, promote a sense of belonging, and provide support for security issues and incident reporting.
  • COMPLIANCE - The knowledge of written security policies and the extent that employees follow them.
  • NORMS - Unwritten expectations regarding appropriate behaviors pertaining to usage of information technology in organizational context, perception of what practices are normal and unproblematic.
  • RESPONSIBILITY - The employees’ perceived role as a critical factor in sustaining or endangering the security of the organization.

Take the guesswork out of measuring your users' security awareness sentiment over time and discover the true security culture score of your organization!


The Security Culture Survey Explained

The Security Culture Survey enables organizations to:

  • Measure the effectiveness of your program
  • Assess norms, attitudes, and social behaviors
  • Identify potential insider threats
  • Focus effort where it’s most needed

In addition, the data and insights provided are used by the board and executive management to:

  • Identify and understand the human factors that influence risk,
  • Justify/adjust budgets & expenditure,
  • Influence/drive strategy, and
  • Support decision making

Manage Your Security Culture

With the Security Culture Survey, you get the measure of your security culture at every level of your organization. Our security culture assessment provides a scientifically valid and reliable baseline that is replicable (can be repeated over time) and meaningful.

By measuring the culture (the ideas, customs and social behaviors) that your organization, and its subgroups, have towards information security, the SCS reports pinpoint the key areas of concern within your organization (potential insider threats) and identifies the strengths and weaknesses of the security culture.

Security Culture Score Benchmarks

The Security Culture Survey (SCS) Benchmarks lets you compare your organization’s average security culture score with other organizations in your industry. When you use the SCS, you get an overview of the seven dimensions that make up your security culture and an overall security culture score for your organization. You can use the SCS Benchmarking to track how your organization’s culture changes over time relative to your specific industry.

Reach Every Corner of Your Organization

Achieving a strong security culture that is consistent and sustainable throughout the organization becomes easier when you have real data showing what impact campaigns are having in each areas of the business.

From organizational level down to individual groups, get real insight into the security culture of your organization at every level. The Security Culture Survey helps you get a better understanding of the impact and effectiveness of your security awareness/culture program. Your security culture score can help you understand how some employees think about and understand security or communicate security-related topics differently from others.


Baseline Testing

We provide baseline testing to assess the security awareness proficiency, Phish-prone percentage, and security culture score of your users.

Phish Your Users

Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.

Train Your Users

The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

See The Results

Enterprise-strength reporting, showing stats and graphs for both security awareness training and phishing, ready for management. Show the great ROI!


Get the latest about social engineering

Subscribe to CyberheistNews