Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Awareness Training Firm KnowBe4 Acquires Awareness Measurement Firm CLTRe

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum.

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum.

KnowBe4 is best-known for its simulated phishing awareness training program. One of the attractions of such platforms is that staff awareness improvements can be measured and accurately reported to the board.

CLTRe is focused on measuring its customers’ overall cybersecurity culture (hence the name of the firm). Effective cybersecurity cultures lead to stronger cybersecurity postures. Weak postures leave a firm open to social engineering such as successful BEC attacks, and explain the hundreds of large databases with personal information stored insecurely on cloud servers (the latest being details of 50 million Instagram users left exposed by Mumbai-based social media marketing firm Chtrbox). 

According to an ISACA/CMMI Institute Cybersecurity Culture Report published in late 2018, 32% of organizations recognize a significant gap between their culture aspiration and their culture achievement — with a further 63% noting a minor gap. However, understanding exactly where, why and how the gap exists without detailed metrics is difficult.

On May 1, 2109, CLTRe published a report on the Security Culture Framework, which is defined as, “the ideas, customs, and social behavior of a particular people or society [i.e. employees in an organization] that allow them to be free from danger or threats.” Its own culture model comprises seven elements: attitudes, behaviors, cognition, communication, compliance, norms, and responsibilities.

CLTRe offers a Security Culture Toolkit that delivers metrics on the customer’s security culture. The service is provided as SaaS, and has been endorsed by ENISA (the EU Agency for Network and Information Security).

The synergy between a phishing awareness training platform with inbuilt metrics, and a wider security awareness metrics capability is clear. Stu Sjouwerman, founder & CEO of KnowBe4, told SecurityWeek, “With the acquisition of CLTRe, we’re widening our scope as we’ve always intended. As the security market evolves, we want to expand from simulated phishing and security awareness training to helping our customers improve their organization’s overall security culture.”

Training alone is not enough. CISOs need metrics that can be repeated over time to present to the board. Executive management understands figures better than arguments, and accurate measurement of the firm’s security culture can help focus minds and budgets where they are most required. “Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters — their security culture — so they can make decisions about how to improve.”

Advertisement. Scroll to continue reading.

Sjouwerman told SecurityWeek that CLTRe will remain in Norway. “However,” he added, “CLTRe’s assessments are being integrated into KnowBe4’s platform as we speak, and this will be made available to all customers at all levels for no additional fee by or before the end of the year.” All CLTRe’s existing staff will be retained.

KnowBe4 announced a Series C funding round of $50 million, led by global investment firm KKR, with participation from Ten Eleven Ventures, on 4 March 2019. This brings the total raised by the firm $93.5 million. 

Related: KnowBe4 Brings Artificial Intelligence to Security Awareness Training 

Related: Simulated Phishing Firm KnowBe4 Raises $30 Million 

Related: Ongoing Adwind Phishing Campaign Discovered 

Related: Insurers, Nonprofits Most Likely to Fall for Phishing: Study

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Funding/M&A

Thirty-five cybersecurity-related M&A deals were announced in February 2023