Security Program Controls/Technologies, Channel partners, Content

KnowBe4 Introduces Security Culture Maturity Model

Gauge or meter indicator. Speedometer icon with red, yellow, green scale and arrow. Progress performance chart. Vector illustration.

KnowBe4, a security awareness training and simulated phishing platform provider, has unveiled a Security Culture Maturity Model for global organizations.

The Security Culture Maturity Model lets an organization use phishing test results, knowledge assessments and other Culture Maturity Indicators (CMIs) to benchmark its security culture, according to KnowBe4.

The KnowBe4 effort sounds somewhat similar to Service Leadership Inc.'s Operational Maturity Level (OML) -- which measures MSP and IT solution provider business maturity across five functional areas (strategy, finance, sales, service and compensation). ConnectWise acquired Service Leadership in 2021, and associated peer groups continue to help MSPs and ITSPs improve their OML.

How Does the Security Culture Maturity Model Work?

Still, the KnowBe4 announcement focused heavily on end-customers and didn't specifically mention channel partners, MSPs or MSSPs.

The model leverages KnowBe4's security awareness, behavior and culture dataset to help an organization evaluate the current state of its security culture, the company noted. It establishes five security culture maturity levels:

  • Level 1: Basic Compliance: An organization offers minimal security training and uses few metrics to track its security culture.
  • Level 2: Security Awareness Foundation: An organization provides annual security training and uses phishing simulations.
  • Level 3: Programmatic Security Awareness and Behavior: An organization offers quarterly security training and has developed training programs integrated with its security tools.
  • Level 4: Security Behavior Management: An organization delivers continuous security training and consistently explores ways to improve its security culture.
  • Level 5: Sustainable Security Culture: An organization has integrated security into all aspects of its operations and culture.

An organization can use the model to visualize its current level of security culture, KnowBe4 stated. From here, the organization can determine the steps required to improve its security culture.

KnowBe4 Adds Security Culture Benchmarking to Its Platform

The Security Culture Maturity Model announcement comes after KnowBe4 in January 2022 added an Industry Benchmark feature to its security awareness training and simulated phishing platform. An organization can use this feature to compare its security culture with industry metrics, the company said.

KnowBe4 provides security awareness training and phishing simulations to more than 47,000 organizations globally. It also provides a partner program and free security tools that allow MSSPs and MSPs to integrate its platform into their offerings.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.