Stream Tech Knowledge Partners with KnowBe4 to Strengthen Cybersecurity in Papua New Guinea
Empowering Organisations in PNG with World-Class Security Awareness Training
Papua New Guinea is entering a new phase of rapid digital transformation. With this growth comes an increasing need for stronger cybersecurity.
Stream Tech Knowledge PNG Ltd is pleased to announce its official partnership with KnowBe4, the global leader in security awareness training and simulated phishing.
This partnership represents a significant step forward in helping organisations across PNG reduce cyber risk, strengthen human defence, and build a more resilient security culture.
As cyber threats continue to evolve, businesses, government agencies, and critical infrastructure providers in Papua New Guinea now have access to enterprise level cybersecurity awareness solutions, delivered locally by Stream Tech’s experienced team.
Who are KnowBe4?
KnowBe4 is a globally recognised leader in human risk management, built around security awareness training, simulated phishing, anti-phishing orchestration, real time user coaching, compliance training, cloud email security, and a growing layer of AI driven security agents.
The platform is trusted by more than 70,000 organisations worldwide. Its positioning has evolved beyond awareness training to focus on managing both human and agent risk.
From a governance and compliance perspective, KnowBe4 maintains a strong international certification framework. This includes SOC 2 Type 2, SOC 3, ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001, CSA STAR Level 1, and FedRAMP Moderate, all supported through its Trust Centre.
For Papua New Guinea, the commercial case is not about deploying another cybersecurity tool. It is about reducing human risk in a market where phishing, scams, ransomware, weak cyber hygiene, and uneven digital maturity remain real and ongoing challenges.
At the same time, government policy and sector wide digitisation are driving more organisations online. PNG’s National Cyber Security Strategy 2024 to 2030, the Digital Government Act 2022, and the National Data Governance and Data Protection Policy 2024 all increase the need for structured cybersecurity awareness and governance.
The most immediate opportunities to reduce security risks are within:
- Government and public sector organisations
- Mining and oil and gas
- Banking and financial services
- Telecommunications and internet service providers
- Tertiary education institutions
- Small and medium enterprises through managed service models
Government presents the strongest policy driven demand. The extractive sector carries significant operational and reputational risk. Banking faces clear pressure around fraud and trust. Telecommunications providers can act as both customers and strategic partners. Education requires scalable awareness programs. SMEs require simplified solutions supported by partners due to ongoing constraints in finance, infrastructure, and operational capacity.
KnowBe4 profile and what matters for PNG
KnowBe4 was founded by Stu Sjouwerman and, in 2025, refreshed its brand to reflect 15 years of leadership in human risk management. In the same year, Bryan Palma was appointed President and Chief Executive Officer, while Sjouwerman transitioned to Executive Chairman.
According to KnowBe4, they are a human risk management platform trusted by more than 70,000 organisations worldwide. Its messaging has evolved beyond traditional awareness training to focus on securing both people and AI driven agents.
The current platform includes Security Awareness Training, Cloud Email Security, PhishER Plus for anti-phishing, SecurityCoach for real time user coaching, Compliance Plus training, AI Defense Agents, and Agent Risk Manager.
The platform is presented as an AI driven suite designed to measure and manage both human and agent risk. The Security Awareness Training component includes continuously updated content, user assessments, simulated phishing, risk scoring, localisation, and reporting.
The feature highlights include:
- More than 25,000 phishing templates
- Support for more than 35 languages
- Behavioural assessments
- AI recommended training pathways
- Learner mobile application
- Integration with SSO, SAML, SCIM, and Active Directory
- API access
- Executive level reporting
- Multilingual SCORM compatibility
KnowBe4’s compliance and assurance framework is a strong advantage for enterprise and government clients in Papua New Guinea.
Its Trust Center includes:
- FedRAMP Moderate
- Cyber Essentials
- CSA STAR Level 1
- SOC 2 Type 2 and SOC 3
- ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001
- VPAT
- GDPR
- CCPA
- EU US Data Privacy Framework
While these certifications may not be mandated locally, they significantly reduce due diligence effort for organisations that benchmark against international standards, including banks, mining companies, government agencies, and development programs.
Why the offer is relevant to Papua New Guinea
Papua New Guinea’s cybersecurity policy environment is progressing, although operational maturity remains uneven.
The Department of Information and Communications Technology’s National Cyber Security Strategy 2024 to 2030 positions cybersecurity as essential to protecting critical infrastructure, essential services, government systems, businesses, and citizens. The strategy calls for stronger governance, improved protection of critical infrastructure, increased awareness, enhanced incident response, and coordinated national capability.
A 2024 ministry statement confirms that Papua New Guinea improved from Tier 5 to Tier 3 in the Global Cybersecurity Index and intends to continue strengthening standards, national response capability, and private sector engagement.
For public sector organisations, compliance requirements are already clear and enforceable.
The Government Cybersecurity Standards, Guidelines and Best Practices 2023 were established under section 64 of the Digital Government Act 2022. These standards are mandatory for all public bodies and cover critical infrastructure, security solutions, internal policy, risk management, and governance.
In addition, the National Data Governance and Data Protection Policy 2024 apply not only to public agencies but also to organisations that process personal, confidential, or government data. This means that a structured approach to people, process, and behaviour is no longer optional for organisations working with or alongside government.
The threat landscape in Papua New Guinea closely aligns with the core capabilities of KnowBe4.
PNGCERT and the Royal Papua New Guinea Constabulary identify phishing, smishing, vishing, and ransomware as the most common forms of cybercrime. PNGCERT also highlights that ransomware can affect individuals, small businesses, government departments, and healthcare organisations.
NICTA awareness material reinforces this, warning that attackers target business, workplace, and university accounts through email, text messages, phone calls, and social media.
This confirms that the primary threats in Papua New Guinea are human focused, making awareness training and phishing simulation directly relevant.
Recent incidents demonstrate that these risks are real and current.
In February 2025, the Bank of Papua New Guinea reported a contained cybersecurity incident involving unusual activity in a test environment, with no impact on critical systems or data.
Separately, the Internal Revenue Commission confirmed a ransomware attack in January 2025 that disrupted network and email systems.
Even with limited public technical detail, these events show that cyber incidents are already affecting major institutions across the country.
The broader ICT environment reinforces the need for a localised and practical delivery model.
Internet usage in Papua New Guinea was approximately 24 percent of the population in 2023. Sector investment remains strong, with significant infrastructure development, including new towers and network expansion. However, mobile population coverage declined from 86 percent in 2022 to 77 percent in 2024, and affordability remains a challenge.
Further data indicates limited data centre infrastructure, low market competition among service providers, and high relative cost of internet access. Local content hosting remains minimal.
These factors highlight the need for solutions that are:
- Low bandwidth
- Flexible in delivery
- Capable of staged deployment
- Supported by local infrastructure and services
Energy and infrastructure conditions further reinforce this requirement.
Reliable access to electricity remains a national challenge, with ongoing investment programs aimed at improving access and stability. For organisations, this means that training and security programs cannot assume consistent connectivity or uninterrupted power.
Return on Investment (ROI)
KnowBe4 officially markets SAT as reducing average Phish-prone Percentage from 30% to under 5% in 12 months; the platform page claims reductions of over 85% in time spent investigating, quarantining and remediating malicious emails and over 90% in time spent managing/reporting awareness programs; and the SAT page cites a commissioned three-year ROI of 276% with payback in under three months.
Addressing Real World Cybersecurity Challenges in Papua New Guinea
Organisations in Papua New Guinea face practical barriers when adopting new technology and training programs. These concerns are valid and must be addressed directly to ensure successful implementation.
Addressing Real World Cybersecurity Challenges in Papua New Guinea
Organisations in Papua New Guinea face practical barriers when adopting new technology and training programs. These concerns are valid and must be addressed directly to ensure successful implementation.
Limited Time, Resources, and Capacity
A common concern is the lack of time, staff, and operational capacity to manage additional program.
This reflects the realities of the local environment, including limited internet access, affordability constraints, uneven coverage, and infrastructure challenges.
The solution is to simplify delivery and reduce the burden on internal teams. Training content should be short and delivered in manageable sessions. Program should start with a pilot group before expanding. Where required, delivery can be adapted using low bandwidth formats or local learning systems.
Stream Tech can assist with program administration, ensuring minimal impact on the client’s internal resources.
Existing Security Investments
Many organisations will already be using Microsoft or Google security tools.
It is important to note this solution as complementary, not competing. Security awareness and phishing response address the human layer, while existing tools focus on technical controls.
Even advanced email security systems cannot stop all phishing attacks. Human awareness remains essential. For organisations with mature environments, the focus should begin with awareness, training, and reporting, with additional security capabilities introduced over time.
Budget Constraints and Procurement Complexity
Budget limitations and procurement processes are a consistent challenge, particularly in the public sector and among smaller organisations.
Speak with us around both commercial and practical options, and pilot programs with fixed scope, flexible terms, including one year entry options and bundled pricing based on user numbers. Pricing will be presented in local currency and supported by low friction proof of value workshops.
For government organisations, proposals will be directly aligned to existing cybersecurity standards and data governance policies rather than generic global frameworks.
Perception of Training as a One Time Activity
There is often a belief that cybersecurity training is a once-a-year requirement.
This approach is no longer effective.
Threats such as phishing, scams, and ransomware are continuous. Both PNGCERT guidance and global cybersecurity data confirm that risk evolves constantly. Effective defence requires ongoing awareness, regular testing, and measurable improvement.
The message should be clear. Behaviour does not change through a single training session. It changes through repetition, reinforcement, and visibility of results.
Regulatory and Compliance Expectations Are Rising
Government initiatives and emerging frameworks are placing increasing pressure on organisations to demonstrate strong cybersecurity practices
Organisations must now show:
- Evidence of staff awareness training
- Clear risk management processes
- Proactive security measures
Failing to do so exposes organisations to compliance risks, financial penalties, and loss of stakeholder confidence.
The Skills Gap Is a Critical Constraint
Papua New Guinea faces a shortage of experienced cybersecurity professionals. Many organisations rely on small IT teams that are already stretched managing daily operations.
This creates a gap between risk and capability.
Without structured programs, organisations are left reacting to incidents rather than preventing them.
Infrastructure Challenges Increase Vulnerability
Power instability, connectivity limitations, and remote operations make it difficult to deploy traditional security solutions.
This makes a strong human defence even more critical.
A workforce that can identify and stop threats becomes a frontline security layer that does not depend on infrastructure.
The Human Factor
Why People Are the Primary Target
Cybersecurity has traditionally focused on technology. Firewalls, antivirus systems, and endpoint protection are essential, but they are no longer sufficient.
KnowBe4 research shows that human error is involved in over 80 percent of security breaches.
Attackers exploit:
- Trust in emails and communication
- Urgency and pressure
- Lack of awareness of modern attack methods
Employees are not intentionally careless. They are simply not trained to recognise evolving threats.
The Cost of One Click
A single phishing email can lead to:
- Credential theft
- Financial fraud
- Data breaches
- Ransomware infections
The financial impact can be significant, but the operational and reputational consequences are often greater.
For organisations in sectors such as banking, mining, and government, the consequences can include:
- Service disruption
- Regulatory scrutiny
- Loss of public trust
This is why organisations globally are shifting focus toward human risk management.
The Solution
Stream Tech and KnowBe4
Stream Tech, in partnership with KnowBe4, delivers a structured, continuous program designed to reduce human related cyber risk.
This is not a one-time training session. It is a long-term behavioural program supported by data, testing, and continuous improvement.
Want to learn more about KnowBe4 and how we can assist? Email us at sales@stknowledge.com.