Explore cutting-edge research findings, thought leadership, and expert perspectives that bridge the gap between behaviour and cybersecurity. Our Insights hub brings together evidence-based analysis, practitioner experiences, and emerging trends to help you understand why people act the way they do, and how behavioural science can be applied to build safer digital habits, stronger security cultures, and more resilient organisations.
When organisations punish people for security mistakes, they rarely eliminate the behaviour. Instead, they drive it out of sight. Incidents are quietly fixed, near misses are brushed aside and critical warning signs never reach the teams that could act on them. The result is not a safer organisation, but a more fragile one. On the surface, everything looks calm. Underneath, unreported breaches, workarounds and vulnerabilities accumulate until something finally breaks in full view.
Read InsightEmployees frequently hesitate to report security incidents due to deep-rooted cultural barriers including fear of blame, hierarchical power dynamics, and inadequate support systems. This reluctance delays incident response and obscures systemic vulnerabilities. Building effective reporting cultures requires authentic psychological safety, transparent communication, streamlined processes, and sustained leadership commitment that treats incidents as learning opportunities.
Read InsightWith insider threats causing 60% of breaches, organisations deploy sophisticated behaviour monitoring tracking every digital action. But this security imperative creates ethical dilemmas: surveillance erodes trust, stifles innovation, and raises privacy concerns. The challenge isn't choosing between security or privacy, but achieving both through transparent, proportionate practices that protect assets whilst respecting workforce dignity.
Read InsightIn an era where cyber threats evolve at breakneck speed and human error remains the weakest link in security defences, organisations are increasingly recognising that technology alone cannot protect them. The most sophisticated security infrastructure in the world can be undermined by a single employee who spots something suspicious but remains silent, fearing ridicule, blame, or repercussions.
Read Insight