Security and Behaviour Change

Why Measuring Security is Hard: Key Challenges and Considerations

Measuring the effectiveness of cybersecurity measures is a complex task, often fraught with challenges. Understanding these difficulties is essential for organizations aiming to implement robust security practices and assess their impact accurately. This article explores the key reasons why measuring security is hard, drawing on insights from Pfleeger and Cunningham’s paper, Why Measuring Security is […]

The Importance of Measuring Impact in Security Behavior Change Programs

In any cybersecurity initiative, particularly those aimed at training and awareness, measuring the impact is crucial. Without proper metrics, it becomes impossible to determine if the campaign has met its goals, yielded a return on investment, or strengthened security controls to reduce vulnerabilities effectively. This article delves into why measuring impact is essential and how

Key Ingredients for a Successful Security Awareness Campaign

A well-executed security awareness campaign is crucial for strengthening an organization’s cybersecurity posture. However, the success of such a campaign depends on more than just raising awareness. The ultimate goal is to drive observable changes in behavior, which requires careful planning and execution. Below are the key ingredients necessary for a successful security awareness campaign:

Moving from a ‘Human-as-Problem’ to a ‘Human-as-Solution’ Cybersecurity Mindset

Key Insights: In their research, Haney and Lutters explore the challenges cybersecurity advocates face in overcoming negative perceptions of security. The study highlights how traditional approaches often frame humans as the “weakest link” in cybersecurity, leading to a blame-oriented mindset. This perspective can result in fear, confusion, and disengagement among employees, ultimately hindering effective security

Designing Effective Cybersecurity Training and Awareness Programs: Practical Considerations

In the realm of cybersecurity, the transition from theory to practice often reveals a multitude of challenges. This is particularly true when designing training and awareness programs aimed at mitigating cyber risks. While theoretical frameworks provide essential guidelines, real-world implementation requires a nuanced approach that accounts for the complexity of human behavior and organizational dynamics.

Enhancing Security Awareness: Real-Life Communication Strategies Against Online Scams

In today’s digital landscape, online scams such as romance scams and pig butchering schemes pose significant threats to individuals’ financial and emotional well-being. These scams often employ social engineering tactics, exploiting trust and emotions for malicious purposes. To combat these threats effectively, organizations, governments, and law enforcement agencies must develop targeted awareness campaigns that resonate

Designing Effective Cybersecurity Training: Insights from Ellie Warner at Standard Chartered Bank

When it comes to cybersecurity, applying theoretical concepts to real-world situations often proves more challenging than expected. This principle is particularly evident in the development and implementation of cybersecurity training and awareness programs. In the video “Cyber Risk Aware – People Matter: ‘The Power of Diversity’ with Ellie of Standard Chartered Bank,” Ellie Warner, a

The Power of Diversity in Cybersecurity: Insights from Standard Chartered Bank

In a recent webinar hosted by Cyber Risk Aware, Ellie, Head of Training and Awareness for Trust Data and Resilience at Standard Chartered Bank, shared invaluable insights into the importance of diversity—particularly cognitive diversity—in building robust security awareness and education programs. The discussion emphasized

The Impact of Self-Efficacy and Controllability on Security Awareness

In today’s digital landscape, maintaining a robust security posture is essential for both organizations and individuals. While technical solutions play a crucial role, the human element—specifically security awareness—is equally important. This article explores the role of self-efficacy and controllability in enhancing security awareness, emphasizing how these psychological factors influence security behaviors and overall protection against

The Role of Fear Appeals in Cybersecurity Awareness Campaigns

Cybersecurity awareness campaigns frequently utilize fear appeals to motivate behavioral changes. Fear appeals are persuasive messages that highlight the severe consequences of not adhering to security practices. However, their effectiveness is often limited, and they can have unintended consequences if not used carefully. The paper by Renaud and Dupuis, titled “Cybersecurity fear appeals: Unexpectedly complicated”,
