
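KnowBe4 launches free self-assessment to boost security culture
KnowBe4 has released a free self-assessment tool, the Program Maturity Assessment (PMA), aimed at helping IT and cybersecurity leaders evaluate and enhance their organisation's security culture with a particular focus on human risk management.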
Practical assessment for human risk
The Program Maturity Assessment (PMA), developed by security culture specialist Perry Carpenter, seeks to bridge the gap between human behaviour and cybersecurity practice.
Unlike many technical assessments or frameworks requiring external consultants, the PMA offers a structured and jargon-free self-assessment. It translates cybersecurity concepts into concrete, actionable recommendations suitable for organisations of varying sizes and across industries.
The assessment examines ten critical dimensions of security culture, considering elements such as leadership involvement, employee behaviour, and the integration of business processes.
Users receive quantifiable and visual feedback across 40 Culture Maturity Indicators (CMIs), enabling an objective understanding of both strengths and vulnerabilities in their current practices.
Customised recommendations
After completing the PMA, participants are provided with a personalised maturity classification mapped onto a five-level scale.
This is visualised across each assessed dimension, giving a comprehensive picture of where improvements are needed. Alongside this, PMA delivers prioritised and actionable steps intended to strengthen what is often described as the 'human firewall' within organisations.
Additionally, the tool's output identifies specific gaps, from employee mindset to executive communication. Organisations also receive a strategic roadmap with tailored recommendations, allowing for focused resource allocation and plans for ongoing cultural development.
Developed with clarity in mind
"Every meaningful program requires clarity: clarity of purpose and clarity of impact. This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate," said Perry Carpenter, chief human risk management strategist at KnowBe4. "Organisations need a way to demonstrate effectiveness of their human risk management program and show leadership its value. This is especially true when programs fail to account for the human element—employees whose everyday decisions significantly impact organizational security. The PMA offers a clear, data-driven approach that helps leaders identify key areas for improvement, allocate resources more effectively, and build a stronger, more resilient security culture. It's about giving organizations the insight they need to make informed decisions and foster lasting cultural change."
The PMA represents a response to increased targeting and exploitation of human actions by cyber attackers. According to KnowBe4's own "Security Culture: How-To Guide", security culture is a significant predictor of secure behaviour, yet many organisations lack the means to assess and improve it in a systematic way.
Optional consultation for next steps
Beyond the immediate recommendations provided by the PMA, organisations can opt for a follow-up consultation to explore KnowBe4's broader Human Risk Management (HRM+) platform.
This includes further modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing resources, and AI-driven defence tools, intended to provide ongoing support for building a more resilient security culture.
KnowBe4 reports being used by more than 70,000 organisations globally and positions its offerings as a way to create measurable improvements in the security mindsets and behaviours of workforces. The new PMA tool is available free of charge to support organisations in understanding and developing data-driven strategies for security culture improvement starting with their people.