KnowBe4 Report Exposes Cybersecurity Perception Gap

New findings reveal disconnect between leaders and employees

KnowBe4, the world-renowned cybersecurity platform focused on human risk management, has released its Africa Human Risk Management Report 2025, uncovering a striking mismatch between employer perceptions and employee experiences of organisational cybersecurity across the continent.

The report, based on insights from cybersecurity decision-makers in 30 African countries, highlights how confidence in employee awareness does not necessarily translate into preparedness or effective behaviour.

Confidence without readiness

While many leaders rate employee awareness of cyber threats at “four out of five or higher,” only 10% of cybersecurity leaders are fully confident that staff would report a phishing attack or other cyber incident. This suggests that awareness is not being matched with practical readiness.

In addition, a large perception gap exists around training. 68% of leaders believe security training is tailored to roles, but only one in three employees feel their training is adequately role-specific.

“There’s a disconnect here – between what leaders think is happening, and what employees are actually experiencing,” says Anna Collard, SVP content strategy & evangelist at KnowBe4 Africa. “The data shows that without procedural and cultural follow-through, awareness simply doesn’t translate into readiness.”

Training gaps across industries

The report shows that many organisations rely on annual or biannual training sessions that are too generic to change behaviour effectively. Sectors such as manufacturing (50%) and healthcare (40%) were found to rely heavily on one-size-fits-all training, leaving them vulnerable.

Larger organisations also face greater challenges than smaller ones, with less frequent training and lower confidence in employees’ ability to respond to cyber threats.

BYOD risks and AI policy concerns

The report also highlights two growing areas of concern:

Bring Your Own Device (BYOD): Between 41% and 80% of employees use personal devices for work, exposing organisations to additional risks if those devices lack proper security measures.
AI governance: Nearly 46% of organisations are still developing AI usage policies, leaving potential gaps where employees may unknowingly create security vulnerabilities through unregulated use of AI tools.

Regional variations in cybersecurity posture

The survey also revealed regional differences in human risk management:

Southern Africa conducts more training than other regions.
East Africa shows stronger governance around AI.
West and Central Africa experience the highest rate of human-related security incidents.

A roadmap for stronger resilience

The KnowBe4 Africa Human Risk Management Report 2025 concludes with a call to action for organisations to close the gap between awareness and preparedness. Key recommendations include:

Implementing role-specific training
Setting measurable security outcomes
Developing clear AI policies
Strengthening reporting structures for cyber incidents

“This report reveals a critical paradox in African cybersecurity: while organisations feel aware and prepared, significant blind spots remain, especially concerning how they manage human risk,”

Collard notes.