KnowBe4 Acquires CLTRe; Shines Spotlight on Security Culture Measurement
Acquisition further demonstrates importance of managing the human risk and cements KnowBe4’s presence in Europe
Tampa Bay, FL (May 21, 2019) – KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, today announced the acquisition of CLTRe —pronounced “Culture”— a Norwegian company focused on helping organizations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year.
According to The 2018 Cybersecurity Culture Report, 95 percent of organizations see a gap between their current and desired organizational cybersecurity culture. With 94 percent of malware being delivered via email (2019 DBIR), it’s clear that working with users to minimize cyber risk and improve security culture is key.
The 2018 Security Culture Report shows the value of being able to measure culture, helping organizations to demonstrate the effectiveness of their organizational security controls, as required by GDPR, CCPA and other regulations. Interestingly, the finance industry demonstrated an overall healthy improvement in culture from 2017 while the real estate industry showed a decline.
CLTRe created the CLTRe Toolkit and the Security Culture Framework, which work in tandem to help organizations gather evidence about their current security culture and how it changes over time. The acquisition of CLTRe is advantageous for both KnowBe4 and CLTRe clients; KnowBe4 users will gain access to a research-driven measurement platform to show how their security culture program matures over time. And CLTRe clients will be introduced to the industry’s most progressive and easiest-to-use SAT and simulated phishing platform to help educate users and change their behavior.
CLTRe measures the seven dimensions of security culture: behavior, responsibilities, cognition, norms, compliance, communication and attitudes.
Stu Sjouwerman, CEO, KnowBe4: “Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters – their security culture – so they can make decisions about how to improve. We’re excited to welcome Kai and the CLTRe team to the KnowBe4 family and to enhance our European presence while supporting more global customers.”
Kai Roer, CEO, CLTRe: “KnowBe4 is a leader in innovation and has a wonderful track record for growing quickly but with a very specific focus on improving security at the human-level. This is a natural fit for our evidence-based analytics and measurement tools, as KnowBe4 customers will now be able to measure their security cultures, benchmark against their industry sectors, and pinpoint exactly what kind of security culture they have. With KnowBe4 and CLTRe, organizations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions.”
Perry Carpenter, Chief Evangelist & Strategy Officer, KnowBe4: “From my former life as a Gartner analyst, I have a strong appreciation for evidence over opinion, which is what CLTRe gives to its clients in the form of a data-driven examination of their security culture. To change user behavior and address awareness, we have to understand and change security culture. CLTRe gives organizations the tools to understand where they are today so they can get to where they want to go tomorrow.”
Espen Otterstad, CISO at Abax (CLTRe cutomer): “Our work with CLTRe has been important to helping us gauge the maturity of our security culture over time. Now that CLTRe is part of KnowBe4, we have a very real way to advance the maturity of our program and test the knowledge of our user’s understanding via KnowBe4’s fresh content, engaging trainings and simulated phishing tests. The combination of CLTRe and KnowBe4 means that we can improve security within our organization through training and phishing tests, and manage our security culture program while proving ROI.”
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 25,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.
Number 96 on the list Inc. 500 of 2018, number 34 on 2018’s Deloitte’s Technology Fast 500, and 2nd place in Cybersecurity Ventures Cybersecurity 500, KnowBe4 is headquartered in Tampa Bay, Florida, with offices in Brazil, England, the Netherlands, Germany, South Africa and Singapore.
CLTRe was established in 2015 to accurately answer the question, how do you measure security culture? Pooling the knowledge and experience of its co-founders and a wider team of experts together, CLTRe provides effective and easy-to-use tools that use proven social scientific methods and principles to provide evidence-based results and enables organizations to assess, build and improve their security culture. CLTRe’s software offering is aptly named the Security Culture Toolkit.