
KnowBe4 Unveils Free Culture Assessment Tool to Reinforce the Human Firewall

In an era where phishing kits evolve faster than most patch cycles, KnowBe4 is turning its focus not to hardware or software—but to humans. The cybersecurity awareness juggernaut has just launched its latest initiative: the Program Maturity Assessment (PMA), a free tool designed to give IT and security teams clarity on the often-murky terrain of human risk.


Unlike traditional cybersecurity assessments that fixate on perimeter defenses or technical configurations, PMA is built to answer a deceptively simple question: How mature is your organization’s security culture? Spoiler: most enterprises don’t actually know.


Built under the guidance of Perry Carpenter, KnowBe4’s chief human risk management strategist, PMA is less of a checkbox exercise and more of a diagnostic for the security DNA of an organization. “Every meaningful program requires clarity: clarity of purpose and clarity of impact,” Carpenter said. “This is especially true with Human Risk Management programs where lack of clarity and impact will leave an organization exposed in ways they may not appreciate.”


PMA is KnowBe4’s answer to that ambiguity—an accessible framework that assesses 10 distinct dimensions of security culture, from leadership support and employee attitudes to policy communication and behavior reinforcement. The tool evaluates organizations using 40 Culture Maturity Indicators (CMIs), generating a five-tier maturity score along with strategic, customized recommendations.


The goal isn’t just to audit people’s behaviors—it’s to operationalize the elusive concept of security culture into measurable actions. That’s a notable shift. For years, cybersecurity culture has been praised in thought leadership and keynote slides, but rarely translated into boardroom-ready metrics.


With the PMA, KnowBe4 is essentially offering organizations a map for their “human firewall,” identifying weak spots not through exploit chains, but through misaligned values, ineffective communication, or undertrained staff.


Once the self-assessment is complete, organizations receive a tailored report with visual breakdowns, gap analyses, and prioritized next steps. While the PMA is free, organizations can opt for a deeper dive through KnowBe4’s HRM+ platform, which provides more granular support and implementation guidance.


At a time when adversaries increasingly prey on human psychology over technical vulnerabilities, KnowBe4’s move doubles down on a long-held industry mantra: security isn’t just a tech problem—it’s a people problem.


And with tools like the PMA, that problem may finally have a scalable, strategic solution.
