Dive into practical advice, research findings, and expert perspectives on building security-aware cultures. Explore evidence-based strategies to strengthen your organization's human security posture.
Part five of a seven-part series unpacking how the behavioural science concept of choice architecture can be woven into IT architecture, UX/UI, and development lifecycles to nudge, guide, and default users toward secure behaviours – without relying solely on training or policy. Each article will blend behavioural science, secure-by-design principles, and practical application in the technology lifecycle.
In the first three blogs of this series, we looked at the foundations of choice architecture, the power of secure defaults, and how UX nudges can guide people toward safer decisions. But here’s the challenge: unless these principles are baked into the way we build technology, they risk becoming afterthoughts, nice-to-have features that get dropped when deadlines bite. That’s why the next step is embedding choice architecture into the Software Development Lifecycle (SDLC) itself.
This article explores how Gen AI can support HCRM, with a focus on intervention design, and provides 10 validated prompts that practitioners can adapt for their organisation’s specific context.
In the first two blogs of this series, we explored how choice architecture shapes behaviour and why secure defaults are one of the most powerful tools in security. Now it’s time to move into the world of user experience (UX) and interface design, where the smallest details can have the biggest impact on whether people behave securely… or take risky shortcuts.
Part two of a seven-part series unpacking how the behavioural science concept of choice architecture can be woven into IT architecture, UX/UI, and development lifecycles to nudge, guide, and default users toward secure behaviours – without relying solely on training or policy. Each article will blend behavioural science, secure-by-design principles, and practical application in the technology lifecycle.
The first of a seven-part series that will unpack how the behavioural science concept of choice architecture can be woven into IT architecture, UX/UI, and development lifecycles to nudge, guide, and default users toward secure behaviours – without relying solely on training or policy. Each article will blend behavioural science, secure-by-design principles, and practical application in the technology lifecycle.
In the pursuit of embedding strong cybersecurity practices across an organisation, many professionals have turned to Security Champion Programmes as a key strategy. These programmes leverage employees who are embedded within business units or teams to promote secure behaviours and act as local advocates of cyber risk awareness.
Establishing a Security Champions Programme can be a transformative step towards embedding a resilient cybersecurity culture across an organisation. However, many businesses underestimate the ongoing challenges that extend far beyond the initial setup phase. Building an effective programme is not just about appointing enthusiastic individuals; it requires a through-life approach that considers sustainability, scalability, and adaptability in an ever-changing business and threat environment.
In today’s rapidly evolving digital world, changing human behaviour has become one of the most critical components in managing cybersecurity risk. Whether you’re trying to encourage secure password practices, improve incident reporting, or embed a culture of security awareness, knowing how to change behaviour is essential.
Understanding behaviour is only the beginning; lasting change requires a lifecycle approach. The Behavioural Change Lifecycle provides a structured, evidence-based process for influencing secure behaviours across your organisation. From diagnosing the root causes of human risk to designing targeted interventions, embedding new habits, and evaluating long-term impact, this lifecycle ensures that change is not just reactive or one-off but sustainable and strategic.