Cybersecurity Perceptions versus Reality: Discrepancy Identified in KnowBe4 Report
In a groundbreaking report, cybersecurity company KnowBe4 has highlighted a significant disconnect between the perceptions of African employers and their employees regarding organizational cybersecurity. The "Africa Human Risk Management Report 2025" has identified a dangerous overestimation of cybersecurity defences and employee capabilities, creating vulnerabilities in human-linked cybersecurity risks.
The report, based on insights from cybersecurity decision-makers across 30 African countries, reveals a significant perception gap. While cybersecurity awareness among employees is high, leaders are uncertain about their workforce’s actual ability to recognize, report, and mitigate cyber threats effectively. This disparity has been dubbed a "human risk blind spot."
The report notes that many companies fail to provide adaptive and personalised security awareness training tailored to specific roles or risk exposures. This lack of tailored training could contribute to the gap between leaders' perceptions and employees' experiences.
Another issue highlighted is the widespread use of personal devices (BYOD) for work, adding complexity to managing cyber risks. Additionally, many organizations are still developing policies on AI tool use, which may add to the cybersecurity uncertainties.
The report findings suggest that organizations believe their defenses and employee readiness are stronger than they truly are. For instance, 68% of leaders believe that security awareness training is tailored to roles, compared to only a third of employees feeling adequately trained. Similarly, only one in three African respondents believed their security awareness training was adequately tailored to their role.
The report concludes with a roadmap for turning awareness into action, including role-specific training, measurable outcomes, AI policy development, and better reporting structures. Anna Collard, SVP of content strategy & evangelist at KnowBe4 Africa, emphasises the need for procedural and cultural follow-through to ensure that awareness translates into readiness.
Collard warns that the African cybersecurity posture may be more confident than truly resilient, with significant blind spots remaining, especially concerning how organizations manage human risk. The report underscores the importance of bridging this gap to ensure a more secure digital future for African industries.
The survey findings underscore a theme of a mismatch between perception and reality in cybersecurity preparedness, suggesting the development of a dangerous perception gap in many organizations. It is crucial for organisations to address this gap to strengthen their cybersecurity defences and ensure a more secure digital future.
[1] https://www.knowbe4.com/resources/reports/africa-human-risk-management-report-2025 [2] https://www.knowbe4.com/blog/africa-human-risk-management-report-2025 [3] https://www.itweb.co.za/content/665077/knowbe4-report-highlights-perception-gap-between-african-leaders-and-employees-on-cybersecurity [4] https://www.itnewsafrica.com/2022/03/knowbe4-report-highlights-perception-gap-between-african-leaders-and-employees-on-cybersecurity/
- The "Africa Human Risk Management Report 2025" emphasizes the significance of artificial intelligence (AI) policy development in bridging the perception gap between African leaders and employees regarding cybersecurity, as many organizations are still formulating policies on AI tool usage.
- The report underscores the importance of tailoring security awareness training to specific roles and risk exposures, as a lack of such training could contribute to the misalignment between leaders' perceptions and employees' experiences in cybersecurity.
- The study reveals that while cybersecurity awareness among employees in Africa is generally high, there is a critical disparity in the perception of employees' actual ability to recognize, report, and mitigate cyber threats, compared to the faith leaders have in their workforce, thus creating what has been coined as a "human risk blind spot."
