16
The goal is to provide a model that is usable by the entire industry, not just KnowBe4 customers.
Over the next few months, KnowBe4 Research will release more information related to the CMIs
most associated with each level. Additionally, the team is planning to release some easy to use
questionnaires organizations can use to get an idea of their current maturity level and what steps
they can take to progress to the next level(s).
Refinements to Come Refinements to Come
This model will evolve over time. KnowBe4 is dedicated to continually tuning the statistical
models, available CMIs and their weightings, and more. As the industry matures, it is likely
that adjustments to the thresholds needed to move from one maturity level to another will
also be refined. Culture is a moving target. As threat actors evolve, countermeasures do
to. This directly influences security culture, and an evidence-based model that keeps
being updated will ensure a more accurate representation of the real world. This
could mean that achieving a particular maturity level (or even staying at a specific
level) can become progressively more difficult in years to come as the general
maturity of all measured organizations slowly improve.
