Keepnet Surveys: Measure and Shape Security Culture

Security awareness programs succeed when they change behavior and culture. But many teams still rely on lagging indicators (incidents, tickets) rather than leading ones (attitudes, norms, psychological safety). Keepnet Surveys closes that gap: run targeted Security Culture Surveys, pulse checks, and campaign follow‑ups, using your own questionnaires or ready‑to‑use templates from our library, to transform insights into action.

Our approach brings together:

• Culture‑first design (psychological safety, norms, intent to report),
• AI‑assisted analysis (theme detection, sentiment, risk segmentation),
• Automatic localization (not just translation; terms and tone adapted by language and culture), and
• Omni‑channel delivery (Microsoft Teams, email, and web) to maximize response rates.

What is a Security Awareness Training Survey?

A security awareness training survey is a structured questionnaire that measures what your people know, believe, and actually do about cybersecurity. Done before and after training, it turns awareness from a vague concept into hard data, tracking knowledge of policies, recognition of phishing cues, and confidence in reporting incidents. In short, it’s the bridge between training content and measurable human-risk reduction.

Great surveys go beyond trivia. They probe behaviors and attitudes: password habits, MFA use, shadow IT tendencies, and willingness to challenge suspicious requests. By segmenting results by role, department, or region, you discover exactly where risk concentrates, so you can prioritize high-impact, role-based training instead of one-size-fits-all modules.

Why Surveys Matter in Human Risk Management

Traditional metrics (click rates, dwell time) show what happened; surveys reveal why it happens. Combining the two lets CISOs and Security & Risk leaders target interventions precisely:

• Attitudes & beliefs: Do people feel confident spotting phishing? Do they trust reporting won’t backfire?
• Norms: What do peers typically do? Is reporting the default?
• Barriers: Time pressure, unclear policy, language, tool usability.
• Psychological safety: Are employees comfortable asking for help or admitting mistakes?

These leading indicators forecast behavior. When they improve, downstream risk metrics typically follow.

What You Can Run with Keepnet Surveys

Keepnet Surveys gives security teams an enterprise-ready toolkit to measure and improve human risk:

• Security Culture Survey (flagship): A research‑informed instrument measuring seven pillars: awareness, perceived risk, efficacy, reporting intent, norms, leadership signals, psychological safety.
• Phishing & Reporting Pulse: 3–5 question pulses after campaigns to understand cues people missed and what would help next time.
• Policy & Process Check‑ins: Short checks on MFA, password hygiene, data handling, or vendor access.
• Custom Surveys: Bring your existing items (Likert, multiple‑choice, free text). Import, field, and analyze in minutes.
• Library Surveys: Use and tailor proven templates curated by Keepnet (e.g., Security Culture Survey, Phishing Awareness Pulse, Incident Response Confidence).

All formats support branching logic, skip patterns, and device‑responsive layouts.

Omni‑channel Delivery

Boost participation with omni-channel delivery built for modern enterprises. Aligned to Gartner’s SBCP, Keepnet delivers surveys and learning through Microsoft Teams, email, and the web using secure SSO links. no portals, no passwords:

• Training with Microsoft Teams: Post to chat/channels or assign via Viva Learning surfaces; reminders and nudges run natively.
• Email & Web: Frictionless links with SSO; no passwords, no portals.
• Mobile‑ready: Fully responsive for phones and tablets.

AI‑assisted Insights (Beyond Dashboards)

Turn survey data into action with AI-assisted insights—beyond dashboards. Keepnet clusters open-text feedback, runs sentiment and confidence analysis, and segments risk by role, region, and language to show where support is needed most:

• Theme detection: Cluster open‑ended feedback into topics (e.g., link previews, sender verification, time pressure).
• Sentiment & confidence: Separate dissatisfaction from uncertainty; track change over time.
• Risk segmentation: Slice results by org unit, role, geo, and language to find where support is needed most.
• Automated summaries: Executive‑ready briefs that highlight strengths, gaps, and recommended actions.
• Continuous improvement loop: Feed insights into JIT Learning Pages, nudges, and next‑best training—automatically.
• Privacy is built‑in: anonymous by default, configurable aggregation thresholds, and data retention controls.

From Insight to Action: Close the Loop

Survey results are only useful if they drive change. Keepnet links insights to interventions:

1. Pinpoint gaps (e.g., low reporting intent in a region).
2. Trigger interventions (JIT coaching, micro‑lessons, policy clarifications) in the same channel employees use.
3. Nudge & reinforce with spaced reminders.
4. Measure again with pulse surveys to verify improvement.

This creates a living program—not a one‑off questionnaire.

Core Differentiators Keepnet Awareness Surveys

Built for enterprise security programs, Keepnet delivers culture-grade survey instruments with AI analysis, automatic localization, and privacy-by-design. Here are key differentiators of Keepnet’s security awareness training surveys:

• Culture‑grade instruments: Templates grounded in behavior change and organizational psychology; adaptable to your policies and tone.
• AI‑powered analysis: Automatic coding of comments, de‑duplication, and trend detection—at enterprise scale.
• Automatic localization: Language and examples adapted per locale; terminology (e.g., warning signs / indicators) rendered appropriately.
• Omni‑channel participation: Teams, email, and web delivery with gentle nudges to lift response rates without spamming.
• Privacy & trust: Anonymous response options, aggregation thresholds, and clear comms to protect participants and improve candor.
• Closed‑loop orchestration: Convert findings into targeted training, JIT pages, and communication campaigns with one click.

Sample Items (From the Library)

Use research-backed, ready-to-deploy questions to assess phishing recognition, reporting confidence, and policy clarity. Every item is customizable and available in multiple languages, so you can launch a security culture survey tailored to roles, regions, and real behaviors.

• I feel confident recognizing the warning signs of phishing emails. (Strongly disagree → Strongly agree)
• If I report a suspicious message and it’s a false alarm, I won’t be blamed.
• In my team, reporting suspicious messages is the norm.
• I know the fastest way to report a suspicious email or message.
• The language used in security guidance is clear and understandable in my language.

Each item is available in multiple languages and can be customized.

Example Use Cases

Use Keepnet Surveys at key moments in your security program. After a phishing simulation, launch a 4-question pulse to spot missed cues and auto-assign a 60-second JIT page. enablement. This keeps training targeted, measurable, and aligned to real behaviors.

• Post‑campaign pulse: After a phishing simulation, field a 4‑question pulse to learn which cues were missed; auto‑assign a 60‑second JIT page aligned to those cues.
• Quarterly culture check: Run the Security Culture Survey twice a year; track shifts in reporting intent and psychological safety.
• Change management: Before rolling out a new phishing reporting button or policy, survey confidence and clarity; tailor enablement based on the findings.

Metrics that matter

Prove impact with human-risk KPIs that blend leading and lagging indicators. Track reporting intent, cue-recognition confidence, policy clarity, and psychological safety alongside phishing click-through, dwell time, and reporting speed.

Track leading and lagging indicators together:

• Leading: reporting intent, cue recognition confidence, policy clarity, psychological safety.
• Lagging: phishing click‑through, dwell time, reporting volume and speed.

Programs that lift reporting intent and cue recognition typically see downstream reductions in click‑through and faster detection. (Source: Keepnet internal observations, 2025.)

Get started

Contact us to run your first Security Culture Survey or pulse. Use a Library template or import your own questionnaire, deliver in Microsoft Teams or email, and see how AI‑assisted insights drive targeted coaching—fast.