KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today released its new report, “Africa Human Risk Management Report 2025.”
The report reveals a mismatch between employer perceptions and employee experience of organizational cybersecurity in key African industries, with potentially costly consequences.
The report captures insights from cybersecurity decision-makers across 30 African countries. One of the biggest themes the survey uncovers is a mismatch between perception and reality: what employers believe is not necessarily what employees feel or experience.
In key growth industries across the continent, cybersecurity preparedness and the actual structures needed to support secure behavior seem misaligned.
The report highlights, for instance, that just 10% of cybersecurity leaders are fully confident that staff would report a phishing attack or other cyber threat, despite rating employee security awareness of cyber threats at four out of five or higher. Furthermore, a significant perception gap exists between decision-makers and general employees in Africa regarding security awareness training, with 68% of leaders believing that training is tailored to roles, compared to only a third of employees feeling adequately trained.
This contrast is underscored by the data showing that there is a difference between what leaders believe about security awareness training effectiveness and what employees actually experience. This is further emphasized by the fact that many organizations only conduct annual or biannual training that is too generic to effectively change behavior, contributing to uncertainty about its effectiveness.
Previous end-user-based responses revealed that only 43% of African respondents felt confident in their ability to recognize a cyber threat, and just one in three believed their security awareness training was adequately tailored to their role. This comparison suggests the development of a dangerous perception gap in many organizations.
“There’s a disconnect here—between what leaders think is happening and what employees are actually experiencing,” says Anna Collard, SVP of content strategy & evangelist at KnowBe4 Africa. “The data shows that without procedural and cultural follow-through, awareness simply doesn’t translate into readiness.”
The report concludes with a roadmap for turning awareness into action—including role-specific training, measurable outcomes, AI policy development, and better reporting structures.
“This report reveals a critical paradox in African cybersecurity: while organizations feel aware and prepared, significant blind spots remain, especially concerning how they manage human risk,” Collard concludes. “The continent’s cybersecurity posture may be more confident than it is truly resilient.
