Stories: KnowBe4 acquires CLTRe with a spotlight on security culture measurement
KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, announced the acquisition of CLTRe - pronounced “Culture” - the European Innovation Council pilot's Norwegian company focused on helping organizations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year.
According to Kai Roer, CLTRe's CEO, in just a few years, CLTRe has created a brand, a product portfolio and a global recognition that resulted in many great opportunities. "With KnowBe4, we now have access to more than 25 000 customers globally, all who will be able to use our product to enhance their cybersecurity and reduce their risks. Together, the two companies will continue to drive much needed change to the global security awareness market, and demonstrate how important applied social science is to protect technology. For a startup from Europe, it is a huge success to be bought by the global market leader."
According to The 2018 Cybersecurity Culture Report, 95 percent of organizations see a gap between their current and desired organizational cybersecurity culture. With 94 percent of malware being delivered via email (2019 DBIR), it’s clear that working with users to minimize cyber risk and improve security culture is key. The 2018 Security Culture Report shows the value of being able to measure culture, helping organizations to demonstrate the effectiveness of their organizational security controls, as required by GDPR, CCPA and other regulations. Interestingly, the finance industry demonstrated an overall healthy improvement in culture from 2017 while the real estate industry showed a decline.
CLTRe created the CLTRe Toolkit and the Security Culture Framework, which work in tandem to help organizations gather evidence about their current security culture and how it changes over time. The acquisition of CLTRe is advantageous for both KnowBe4 and CLTRe clients; KnowBe4 users will gain access to a research-driven measurement platform to show how their security culture program matures over time. And CLTRe clients will be introduced to the industry’s most progressive and easiest-to-use SAT and simulated phishing platform to help educate users and change their behavior.
“KnowBe4 is a leader in innovation and has a wonderful track record for growing quickly but with a very specific focus on improving security at the human-level. This is a natural fit for our evidence-based analytics and measurement tools, as KnowBe4 customers will now be able to measure their security cultures, benchmark against their industry sectors, and pinpoint exactly what kind of security culture they have. With KnowBe4 and CLTRe, organizations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions.”, Kai Roer, CEO, CLTRe.
“Our work with CLTRe has been important to helping us gauge the maturity of our security culture over time. Now that CLTRe is part of KnowBe4, we have a very real way to advance the maturity of our program and test the knowledge of our user’s understanding via KnowBe4’s fresh content, engaging trainings and simulated phishing tests. The combination of CLTRe and KnowBe4 means that we can improve security within our organization through training and phishing tests, and manage our security culture program while proving ROI.”, Espen Otterstad, CISO at Abax (CLTRe cutomer).
CLTRe was established in 2015 to accurately answer the question - "how do you measure security culture?". Pooling the knowledge and experience of its co-founders and a wider team of experts together, CLTRe provides effective and easy-to-use tools that use proven social scientific methods and principles to provide evidence-based results and enables organizations to assess, build and improve their security culture. CLTRe’s software offering is aptly named the Security Culture Toolkit. The company measures the seven dimensions of security culture: behavior, responsibilities, cognition, norms, compliance, communication and attitudes.
The company received Phase 1 grant from the EIC pilot SME Instrument in 2017.
"The support we have received from the EIC has been crucial for the continued success of CLTRe. We particularly enjoy that the support is a combination of monetary (grants), coaching and business services like the Corporate Events around Europe. Together, the EIC support has enabled us to fund our product and market fit, establish a strong network across Europe, and advance our chances of doing business with some of the largest corporations in the world. We believe that EIC is a great resource that more startups should consider.", Kai Roer, CEO, CLTRe.
View CLTRe's information on the EIC SME Instrument data hub.