KnowBe4, a provider of security awareness training (SAT) and simulated phishing platform, has announced the acquisition of CLTRe - pronounced “Culture”- a Norwegian company focused on helping organisations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year.
Cybersecurity and cyber threat mitigation
The finance industry demonstrated an overall healthy improvement in culture from 2017
According to the 2018 Cybersecurity Culture Report, 95 percent of organisations see a gap between their current and desired organisational cybersecurity culture. With 94 percent of malware being delivered via email (2019 DBIR), it’s clear that working with users to minimise cyber risk and improve security culture is key.
The 2018 Security Culture Report shows the value of being able to measure culture, helping organisations to demonstrate the effectiveness of their organisational security controls, as required by GDPR, CCPA and other regulations. Interestingly, the finance industry demonstrated an overall healthy improvement in culture from 2017 while the real estate industry showed a decline.
CLTRe Toolkit and Security Culture Framework
CLTRe created the CLTRe Toolkit and the Security Culture Framework, which work in tandem to help organisations gather evidence about their current security culture and how it changes over time. The acquisition of CLTRe is advantageous for both KnowBe4 and CLTRe clients; KnowBe4 users will gain access to a research-driven measurement platform to show how their security culture program matures over time. And CLTRe clients will be introduced to the industry’s most progressive and easiest-to-use SAT and simulated phishing platform to help educate users and change their behaviour.
CLTRe measures the seven dimensions of security culture: behaviour, responsibilities, cognition, norms, compliance, communication and attitudes.
Quotes by industry experts:
Stu Sjouwerman, CEO, KnowBe4
“Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters – their security culture – so they can make decisions about how to improve. We’re excited to welcome Kai and the CLTRe team to the KnowBe4 family and to enhance our European presence while supporting more global customers.”
Kai Roer, CEO, CLTRe
“KnowBe4 is a leader in innovation and has a wonderful track record for growing quickly but with a very specific focus on improving security at the human-level. This is a natural fit for our evidence-based analytics and measurement tools, as KnowBe4 customers will now be able to measure their security cultures, benchmark against their industry sectors, and pinpoint exactly what kind of security culture they have. With KnowBe4 and CLTRe, organisations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions.”
Perry Carpenter, Chief Evangelist & Strategy Officer, KnowBe4
“From my former life as a Gartner analyst, I have a strong appreciation for evidence over opinion, which is what CLTRe gives to its clients in the form of a data-driven examination of their security culture. To change user behaviour and address awareness, we have to understand and change security culture. CLTRe gives organisations the tools to understand where they are today so they can get to where they want to go tomorrow.”
Espen Otterstad, CISO at Abax (CLTRe customer)
“Our work with CLTRe has been important to helping us gauge the maturity of our security culture over time. Now that CLTRe is part of KnowBe4, we have a very real way to advance the maturity of our program and test the knowledge of our user’s understanding via KnowBe4’s fresh content, engaging trainings and simulated phishing tests. The combination of CLTRe and KnowBe4 means that we can improve security within our organisation through training and phishing tests and manage our security culture program while proving ROI.”
