KnowBe4 launches free self-assessment to boost security culture


Techday NZ, 30-06-2025
KnowBe4 has released a free self-assessment tool, the Program Maturity Assessment (PMA), aimed at helping IT and cybersecurity leaders evaluate and enhance their organisation's security culture with a particular focus on human risk management.
Practical assessment for human risk
The Program Maturity Assessment (PMA), developed by security culture specialist Perry Carpenter, seeks to bridge the gap between human behaviour and cybersecurity practice.
Unlike many technical assessments or frameworks requiring external consultants, the PMA offers a structured and jargon-free self-assessment. It translates cybersecurity concepts into concrete, actionable recommendations suitable for organisations of varying sizes and across industries.
The assessment examines ten critical dimensions of security culture, considering elements such as leadership involvement, employee behaviour, and the integration of business processes.
Users receive quantifiable and visual feedback across 40 Culture Maturity Indicators (CMIs), enabling an objective understanding of both strengths and vulnerabilities in their current practices.
Customised recommendations
After completing the PMA, participants are provided with a personalised maturity classification mapped onto a five-level scale.
This is visualised across each assessed dimension, giving a comprehensive picture of where improvements are needed. Alongside this, PMA delivers prioritised and actionable steps intended to strengthen what is often described as the 'human firewall' within organisations.
Additionally, the tool's output identifies specific gaps, from employee mindset to executive communication. Organisations also receive a strategic roadmap with tailored recommendations, allowing for focused resource allocation and plans for ongoing cultural development.
Developed with clarity in mind
"Every meaningful program requires clarity: clarity of purpose and clarity of impact. This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate," said Perry Carpenter, chief human risk management strategist at KnowBe4. "Organisations need a way to demonstrate effectiveness of their human risk management program and show leadership its value. This is especially true when programs fail to account for the human element—employees whose everyday decisions significantly impact organizational security. The PMA offers a clear, data-driven approach that helps leaders identify key areas for improvement, allocate resources more effectively, and build a stronger, more resilient security culture. It's about giving organizations the insight they need to make informed decisions and foster lasting cultural change."
The PMA represents a response to increased targeting and exploitation of human actions by cyber attackers. According to KnowBe4's own "Security Culture: How-To Guide", security culture is a significant predictor of secure behaviour, yet many organisations lack the means to assess and improve it in a systematic way.
Optional consultation for next steps
Beyond the immediate recommendations provided by the PMA, organisations can opt for a follow-up consultation to explore KnowBe4's broader Human Risk Management (HRM+) platform.
This includes further modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing resources, and AI-driven defence tools, intended to provide ongoing support for building a more resilient security culture.
KnowBe4 reports being used by more than 70,000 organisations globally and positions its offerings as a way to create measurable improvements in the security mindsets and behaviours of workforces. The new PMA tool is available free of charge to support organisations in understanding and developing data-driven strategies for security culture improvement starting with their people.

Related Articles

KnowBe4, Microsoft add real-time security to Edge for Business

Techday NZ, 29-07-2025

KnowBe4 and Microsoft have announced a new integration between the KnowBe4 SecurityCoach platform and Microsoft Edge for Business aimed at addressing risky online user behaviours.
The integration is designed to provide real-time security guidance to users when potentially dangerous actions are detected in the browser, such as reusing passwords, visiting blocked sites, or attempting to bypass security warnings. By leveraging native security signals and browser activity, the solution delivers learning opportunities within seconds of an at-risk behaviour occurring.
Industry reports indicate an increasing threat landscape associated with browser usage. Menlo Security recently reported a 140% increase in browser-based phishing attacks, highlighting the importance of strengthening defence mechanisms at the browser level.
The collaboration makes KnowBe4 one of the few human risk management platforms featuring a built-in reporting connector for Microsoft Edge for Business. This function is intended to support organisations operating within the Microsoft ecosystem, helping them maximise investments in their current security technologies while encouraging a stronger culture of security awareness.
"This new integration presents an ideal opportunity to turn people-centric cybersecurity risks into teachable moments that will ultimately help to better protect businesses. This integration continues KnowBe4 innovation with Microsoft, building upon our successful KnowBe4 Defend integration with Microsoft Defender for Office 365 that launched earlier this year. It also bridges the gap between a company's technical defenses and its users, transforming the biggest potential vulnerability into the strongest asset. We look forward to offering this to our global SecurityCoach customers to help them enhance their security efforts," said Stuart Clark, VP of Product Strategy at KnowBe4.
As an increasing number of organisations rely on the browser for primary work activities, the need to ensure proper protection at this endpoint has become more pressing. The new integration targets human error and behaviour - the common weak point in many cyber defence strategies - by combining technical monitoring with immediate user education.
"As the browser becomes the primary workspace for users, securing this critical endpoint is essential. We're pleased to see KnowBe4 SecurityCoach integrate with Microsoft Edge to help organizations improve management of human risk and strengthen their security posture," said Arunesh Chandra, Principal Product Manager for Microsoft Edge for Business.
The integration with Microsoft Edge for Business builds on previous collaborations between KnowBe4 and Microsoft, including the earlier launch of KnowBe4 Defend compatibility with Microsoft Defender for Office 365. Together, these harmonised solutions are positioned to support organisations in countering the growing array of cyber threats that target human behaviour as much as technological infrastructure.
By prompting employees to recognise and correct unsafe practices instantly, organisations can better address the human element of information security. The approach is aligned with broader trends in cybersecurity which seek to reinforce defensive measures not only through technical controls but also through targeted education and user engagement.
KnowBe4 reports that it is trusted by more than 70,000 organisations worldwide, providing a range of solutions built around shaping employee behaviour to reduce security risks. Its HRM+ platform includes components such as awareness and compliance training, AI-driven response tools, and real-time user coaching.

LRN unveils AI-powered upgrades for Catalyst Reveal compliance tool

Techday NZ, 24-07-2025

LRN Corporation has announced new enhancements to its Catalyst Reveal platform, introducing AI-driven insights and a program maturity assessment for ethics and compliance programmes.
The latest features, Reveal Insights and Program Maturity Assessment (PMA), have been developed in response to rising demand among ethics and compliance leaders for greater clarity, precise benchmarking, and tailored analysis in their organisational programmes.
According to the company, Reveal Insights is intended to help compliance professionals cut through large volumes of data by identifying and prioritising the top ten areas needing attention. The solution is designed to generate clear, actionable recommendations based on thousands of data points related to each organisation's ethics and compliance activities.
"We've heard E&C leaders say they're overwhelmed by data, unsure where to focus, and need insights they can confidently share with senior leadership. Oftentimes, teams lack an in-house data team to support in-depth and nuanced analysis," said Parijat Jauhari, Chief Product and Technology Officer at LRN Corporation. "That's why we created Reveal Insights to scan thousands of available data points and surface the top 10 focus areas. Coupled with PMA, Catalyst Reveal gives you the confidence to back your actions with detailed benchmarking. By listening closely to customer feedback, we've made our data actionable, exportable, and built to elevate the conversation around E&C at the highest levels."
Set to be introduced later this year, the enhancements aim to provide compliance decision-makers with the most relevant information by detecting trends, monitoring changes, and generating recommendations that are ready for action. The enhancements are intended to facilitate a more strategic approach to managing compliance challenges, according to LRN.
Program Maturity Assessment
The new Program Maturity Assessment is designed to offer organisations a clearer view of how their ethics and compliance initiatives align with industry standards and peer institutions across six key metrics. Through this assessment, companies can identify where their programmes are strong, where there are gaps, and how they can better allocate resources for ongoing development.
The PMA provides benchmarking against sector best practices and allows compliance teams to communicate findings more effectively with boards and other senior leaders. The feature's aim is to enable real-time, data-driven decision-making in the evolving regulatory landscape.
AI-driven summaries and alerts
Another aspect of the Catalyst Reveal update is the integration of advanced artificial intelligence to analyse compliance data automatically. This tool is programmed to highlight relevant trends, unusual patterns, and generate plain-language summaries that compliance teams can use to inform their organisations' leadership.
In addition, Catalyst Reveal will now offer executive-ready, customised monthly reports which distil the most significant insights into concise narratives. These reports are intended to drive alignment, support strategic conversations, and underpin requests for additional resources, according to the company.
Alongside reporting, the platform provides real-time alerts to compliance teams when notable changes are present in metrics such as employee behaviour, training engagement, or culture scores. The goal is to ensure issues can be addressed promptly before they become more serious compliance risks.
Supporting decision-making
The company states that, by introducing these new features, Catalyst Reveal is evolving into a platform that supports comprehensive decision-making for compliance teams. The combination of intelligent automation, benchmarking, and user-driven insights is intended to help teams approach their work more strategically and demonstrate the value of compliance programmes to senior stakeholders.
LRN positions these enhancements as directly supporting compliance executives in allocating resources, tracking programme effectiveness, and meeting the challenges arising from increasingly complex regulatory environments worldwide.

Internal-themed phishing emails drive sharp rise in staff clicks

Techday NZ, 18-07-2025

KnowBe4 has released its Q2 2025 Phishing Simulations Roundup report, revealing a significant rise in employee vulnerability to phishing emails, especially those that mimic internal communications.
The report shows that 98.4% of the top 10 most-clicked phishing email templates imitated internal messages, with attackers frequently posing as HR or IT departments. These findings indicate a persistent susceptibility among employees to social engineering techniques that leverage trust in familiar internal sources.
According to the data gathered from the KnowBe4 HRM+ platform between April and June 2025, phishing simulation patterns remain largely unchanged from the previous quarter. The report specifies that internal-themed topics overwhelmingly led to clicks, demonstrating that workplaces continue to struggle with identifying fraudulent emails disguised as routine company communications.
Among the internal communications strategies employed in phishing simulations, HR-themed emails accounted for 42.5% of incidents where employees clicked on malicious links, while IT-themed messages were responsible for 21.5%. This highlights the particular vulnerability of employees to phishing attempts that exploit organisational trust and daily business processes.
Phishing campaigns using branded content were also prevalent, with 71.9% of malicious landing page interactions featuring recognisable brands. Microsoft was the most frequently impersonated brand, cited in 26.7% of such incidents. LinkedIn, X, Okta, and Amazon followed, showing that attackers use brand familiarity to further their fraudulent aims.
Analysis of clicked links within these campaigns revealed similar trends. Internally themed email simulations accounted for 80.6% of the top 20 most-clicked links, and of these, 68.2% used domain spoofing methods to deceive recipients. This trend underscores the complexity of modern phishing attempts which go beyond simple deception and rely on technical measures that closely imitate legitimate domain names.
Attachment-based phishing methods also posed a challenge for employees. Clicks on PDF attachments saw an 8.1% increase compared with the first quarter of 2025, and PDFs constituted 61.1% of the top 20 clicked attachments. HTML files and Word documents made up the remainder, with 20.9% and 18.0% respectively.
Erich Kron, Cybersecurity Advocate at KnowBe4, commented on the findings: "One of the key takeaways from the Q2 Simulated Phishing Roundup is the critical role trust plays in cybersecurity. Whether that is trust in internal communications, familiar brands, or even known individuals, phishing emails that appear to originate from reputable sources will always have a higher chance of lowering a recipient's suspicions."
"We see this time and time again in real-world scenarios, where attackers use sophisticated social engineering tactics to take advantage of this fundamental human instinct, making it harder for employees to distinguish legitimate and malicious emails."
Elaborating further, Kron said: "The Q2 findings reinforce the need for organisations to strengthen their human defences through a layered approach centred on human risk management. This includes employee empowerment through a combination of relevant, timely and adaptive security training and intelligent detection technology that can identify and mitigate threats in real time."
The Q2 2025 findings suggest that combating phishing threats requires ongoing prioritisation from organisational leadership, particularly in the areas of training and technological support. The data indicates a need for adaptive educational programmes and advanced detection mechanisms to ensure that staff can recognise and neutralise phishing attempts disguised as routine communications.
