
KnowBe4 launches free self-assessment to boost security culture
KnowBe4 has released a free self-assessment tool, the Program Maturity Assessment (PMA), aimed at helping IT and cybersecurity leaders evaluate and enhance their organisation's security culture with a particular focus on human risk management.
Practical assessment for human risk
The Program Maturity Assessment (PMA), developed by security culture specialist Perry Carpenter, seeks to bridge the gap between human behaviour and cybersecurity practice.
Unlike many technical assessments or frameworks requiring external consultants, the PMA offers a structured and jargon-free self-assessment. It translates cybersecurity concepts into concrete, actionable recommendations suitable for organisations of varying sizes and across industries.
The assessment examines ten critical dimensions of security culture, considering elements such as leadership involvement, employee behaviour, and the integration of business processes.
Users receive quantifiable and visual feedback across 40 Culture Maturity Indicators (CMIs), enabling an objective understanding of both strengths and vulnerabilities in their current practices.
Customised recommendations
After completing the PMA, participants are provided with a personalised maturity classification mapped onto a five-level scale.
This is visualised across each assessed dimension, giving a comprehensive picture of where improvements are needed. Alongside this, the PMA delivers prioritised and actionable steps intended to strengthen what is often described as the 'human firewall' within organisations.
Additionally, the tool's output identifies specific gaps, from employee mindset to executive communication. Organisations also receive a strategic roadmap with tailored recommendations, allowing for focused resource allocation and plans for ongoing cultural development.
Developed with clarity in mind
"Every meaningful program requires clarity: clarity of purpose and clarity of impact. This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate," said Perry Carpenter, chief human risk management strategist at KnowBe4.
"Organisations need a way to demonstrate effectiveness of their human risk management program and show leadership its value. This is especially true when programs fail to account for the human element—employees whose everyday decisions significantly impact organizational security. The PMA offers a clear, data-driven approach that helps leaders identify key areas for improvement, allocate resources more effectively, and build a stronger, more resilient security culture. It's about giving organizations the insight they need to make informed decisions and foster lasting cultural change."
The PMA represents a response to increased targeting and exploitation of human actions by cyber attackers. According to KnowBe4's own "Security Culture: How-To Guide", security culture is a significant predictor of secure behaviour, yet many organisations lack the means to assess and improve it in a systematic way.
Optional consultation for next steps
Beyond the immediate recommendations provided by the PMA, organisations can opt for a follow-up consultation to explore KnowBe4's broader Human Risk Management (HRM+) platform.
This includes further modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing resources, and AI-driven defence tools, intended to provide ongoing support for building a more resilient security culture.
KnowBe4 reports being used by more than 70,000 organisations globally and positions its offerings as a way to create measurable improvements in the security mindsets and behaviours of workforces. The new PMA tool is available free of charge to support organisations in understanding and developing data-driven strategies for security culture improvement, starting with their people.