The Security Culture Reports

Download our latest research papers and reports for the most up-to-date Industry Benchmarks and our ongoing research into security culture influences and impact

Security Culture Report 2021

The Security Culture Report 2021 is the largest study of its kind, measuring organizations’ security cultures and surveying more than 320,000 employees across 1,872 organizations worldwide. This year’s report includes a new section that gives an in-depth view of the state of specific aspects of security culture.

The report provides an objective and scientific method for assessing, reporting, and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions across each of the 7 dimensions of security culture. While some industries saw security culture stagnate or decline during the pandemic, it was encouraging to see a number of industries use the pandemic as an opportunity to improve.

The Security Culture Report 2020

The 2020 Security Culture Report provides unparalleled insights into the state of security culture across 17 industry sector worldwide. The report succeeds in providing an essential resource for organizations as they seek to understand their own security culture maturity position relative to others globally and within their industry.

This year’s report compiles data from over 120,000 employees in 24 countries and across 1107 organizations in 17 industries. The results reveal a large gap between the best performers and the poor performers around the globe.

Security Culture and Credential Sharing

This global study finds new empirical evidence that security culture and security behaviors are closely linked, and improving security culture can reduce these risks 52-fold!

Security Culture and Credential Sharing investigates the impact of security culture on reducing risky security behaviors such as opening phishing emails, clicking on suspicious links, and giving away credentials. 97,661 employees in 1,115 organizations worldwide were analyzed in total.

The Security Culture Report 2021

This year’s Security Culture Report is the largest study of its kind, measuring organizations’ security cultures and surveying more than 320,000 employees across 1,872 organizations worldwide. The report provides an objective and scientific method for assessing, reporting, and comparing the relative cybersecurity culture-related strengths and weaknesses of individuals, organizations, industry sectors, and regions across each of the 7 security culture dimensions.

The 7 Dimensions of Security Culture

This research paper provides a comprehensive resource for practitioners seeking a deeper understanding of the dimensions that comprise security culture. Knowing what these dimensions are, how they relate to security, and how they can be positively influenced, will provide practitioners with the tools and practical advice needed to start building and improving security culture in organizations.

The Security Culture Report 2018

‘The Security Culture Report 2018 – Measure to Improve’ focuses on three main areas: industry benchmarking, language comparison, and how security culture is evolving over time. This is the first time a year-on-year comparison of security culture has ever been published.

Cover image of whitepaper with the title, To Measure Security Culture - A Scientific Approach

To measure security culture - a scientific approach

This white paper from CLTRe explains the need to measure security culture and why it is important that culture is measured in a scientifically valid and reliable way. The white paper explores the ways that security culture is being measured today and explains how the CLTRe Toolkit scientific method is different.

SCR2017 - Security Culture Report 2017

The Security Culture Report 2017

The largest study of its kind ever, ‘The Security Culture Report 2017 – Indepth insights into the human factor’ investigates the human factors that influence security culture and makes a number of recommendations for security practitioners and risk management professionals based on its findings.

Gender balance is important to reduce risk and improve security

Gender, Risk and Security

The Security Culture Report 2017 on ‘Gender, Risk and Security’ highlights the importance of gender balance in risk-management strategy.

Research by CLTRe reveals that organisations, departments or teams with a limited balance of genders are more likely to display biased security and risk behaviours. This special report investigates the relationship between gender, risk and security.

Age, Experience, Risk and Security

In this report, we share fascinating findings on how age and experience correlates with security observations and behaviours of the workforce. CLTRe finds that age and experience are strongly correlated with personal risk management strategies and security behaviours.

Security Culture Report 2020 Interview
Security Culture Report 2017 Webinar