Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Awareness Training Firm KnowBe4 Acquires Awareness Measurement Firm CLTRe

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum.

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum.

KnowBe4 is best-known for its simulated phishing awareness training program. One of the attractions of such platforms is that staff awareness improvements can be measured and accurately reported to the board.

CLTRe is focused on measuring its customers’ overall cybersecurity culture (hence the name of the firm). Effective cybersecurity cultures lead to stronger cybersecurity postures. Weak postures leave a firm open to social engineering such as successful BEC attacks, and explain the hundreds of large databases with personal information stored insecurely on cloud servers (the latest being details of 50 million Instagram users left exposed by Mumbai-based social media marketing firm Chtrbox). 

According to an ISACA/CMMI Institute Cybersecurity Culture Report published in late 2018, 32% of organizations recognize a significant gap between their culture aspiration and their culture achievement — with a further 63% noting a minor gap. However, understanding exactly where, why and how the gap exists without detailed metrics is difficult.

On May 1, 2109, CLTRe published a report on the Security Culture Framework, which is defined as, “the ideas, customs, and social behavior of a particular people or society [i.e. employees in an organization] that allow them to be free from danger or threats.” Its own culture model comprises seven elements: attitudes, behaviors, cognition, communication, compliance, norms, and responsibilities.

CLTRe offers a Security Culture Toolkit that delivers metrics on the customer’s security culture. The service is provided as SaaS, and has been endorsed by ENISA (the EU Agency for Network and Information Security).

The synergy between a phishing awareness training platform with inbuilt metrics, and a wider security awareness metrics capability is clear. Stu Sjouwerman, founder & CEO of KnowBe4, told SecurityWeek, “With the acquisition of CLTRe, we’re widening our scope as we’ve always intended. As the security market evolves, we want to expand from simulated phishing and security awareness training to helping our customers improve their organization’s overall security culture.”

Training alone is not enough. CISOs need metrics that can be repeated over time to present to the board. Executive management understands figures better than arguments, and accurate measurement of the firm’s security culture can help focus minds and budgets where they are most required. “Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters — their security culture — so they can make decisions about how to improve.”

Sjouwerman told SecurityWeek that CLTRe will remain in Norway. “However,” he added, “CLTRe’s assessments are being integrated into KnowBe4’s platform as we speak, and this will be made available to all customers at all levels for no additional fee by or before the end of the year.” All CLTRe’s existing staff will be retained.

KnowBe4 announced a Series C funding round of $50 million, led by global investment firm KKR, with participation from Ten Eleven Ventures, on 4 March 2019. This brings the total raised by the firm $93.5 million. 

Related: KnowBe4 Brings Artificial Intelligence to Security Awareness Training 

Related: Simulated Phishing Firm KnowBe4 Raises $30 Million 

Related: Ongoing Adwind Phishing Campaign Discovered 

Related: Insurers, Nonprofits Most Likely to Fall for Phishing: Study

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Funding/M&A

Tenable has launched a $25 million venture fund to place bets on early-stage startups in the exposure management space.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.