KnowBe4 to acquire Norwegian assessment company CLTRe

Terms of the deal were not disclosed.
KnowBe4 currently is integrating the CLTRe assessments into its platform, and does not plan to change its pricing as a result of the deal. (Greg Otto/Scoop News Group)

The security training vendor KnowBe4 has acquired CLTRe, a Norwegian company that specializes in measuring clients’ security preparedness, according to an announcement scheduled for Tuesday.

Florida-based KnowBe4 describes itself as the world’s largest security awareness training company. The firm is known for providing clients with a simulated phishing platform and partnering with Kevin Mitnick, the hacker-turned-consultant who now works as KnowBe4’s chief hacking officer. KnowBe4 was named among the fastest-growing apps used by corporate America, according to a survey released in February.

CLTRe (pronounced “culture”) is a small firm that created its own security culture framework, which is meant to provide companies with information about how their security culture changes over time. The framework measures corporate behavior, responsibilities, cognition, norms, compliance, communication and attitudes, as all those factors relate to security, over time.

Terms of the deal were not disclosed.


KnowBe4 currently is integrating the CLTRe assessments into its platform, and does not plan to change its pricing as a result of the deal.

“With KnowBe4 and CLTRe, organizations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions,” CLTRe CEO Kai Roer said in a statement.

A quantified risk assessment about a company’s security culture could help corporate chief information security officers inform their board of directors about the most pressing vulnerabilities, perhaps resulting in a larger budget. Directors frequently view security risk through a financial perspective, and assigning a numerical or understandable value to existential concepts like organizational responsibilities can shrink the amount of misunderstanding.

Third party assessment providers like Accenture Security, BitSight, SecurityScorecard and others also measure security risk in a way meant to help companies understand their security needs in clearer terms.

This deal marks only the latest cybersecurity merger or acquisition in an industry that analysts predict will only continue to consolidate. The data backup service Carbonite in February acquired Webroot, and some $3 billion of investors’ dollars has been pumped into the industry so far this year, Dino Boukouris, a founding director at Momentum Cyber, said last week.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts