Chapter 9: The Secrets to Measuring Security Culture

To measure is to know. If you cannot measure it, you cannot improve it.

Lord Kelvin

Let's face it: It's hard to know how effective any program is at achieving its desired results unless you've established a set of objective measures. You need to know where you are doing well, where you aren't quite having the impact you want, and where you might be doing more harm than good. As Lord Kelvin said, “To measure is to know.” But how do you measure awareness, behaviors, and culture? Great question. Glad you asked. In this chapter we describe our quest to accurately measure culture and how Kai and his team developed and refined the Security Culture Survey. Since its creation, this tool has been used by thousands of organizations to collect over a million survey responses, yielding the world's largest security-culture–related dataset.

In our experience, the most effective and accurate way to measure security culture is to administer the Security Culture Survey to all employees. The Security Culture Survey was developed and refined over years, based on research and strong academic principles. It has only one job: to measure security culture—nothing more, nothing less. The Security Culture Survey and reporting functions have been fully integrated into KnowBe4's security awareness and training platform and are available in many languages, making them easy to use for organizations worldwide. Yes, the full Security Culture Survey is part ...

Get The Security Culture Playbook now with the O’Reilly learning platform.
