Security Champion programmes often start strongly but plateau when they become a vehicle for repeating awareness messages. Social Network Analysis (SNA) helps you design a Champion network as an influence system with structure, coverage, and roles that enable scientific behavioural change, not just communications activity.

The problem: Champion networks that drift into “comms on legs”

Most Champion communities are launched with energy and good intent. Volunteers join, a community forms, and security teams gain a route to push messages into the business. Then the same issues recur:

  • A small number of Champions become the hub for everything, creating bottlenecks and burnout.

  • Coverage is uneven across functions, geographies, and delivery teams.

  • Champions share content, but the risky behaviours do not shift, or they shift briefly and revert.

  • Success is measured as activity (posts, sessions, attendance) rather than outcomes (behaviour, reduced incidents, fewer policy breaches, faster reporting).

The underlying issue is structural. Without a designed network and defined roles, the programme behaves like a community of interest rather than an operational capability.

SNA 101: What Social Network Analysis is, in plain English

Social Network Analysis (SNA) is a method for understanding how people are connected and how information, influence, and support actually move through an organisation.

Instead of looking at reporting lines (the org chart), SNA looks at relationships such as:

  • Who people go to for advice

  • Who collaborates with whom to get work done

  • Where trust sits for decisions or problem-solving

  • Which groups talk frequently and which are isolated

A simple way to picture it

Imagine a map where:

  • Each person is a dot (a node)

  • Each relationship is a line (a tie)

SNA analyses the shape of that map to answer practical questions:

  • Where are the influential people, regardless of job title?

  • Which teams are well connected and which are cut off?

  • Who bridges silos and who sits inside tight clusters?

  • Where does information get stuck, distort, or fail to reach?

How you typically collect SNA data

In Champion contexts, SNA is commonly created from a lightweight survey, sometimes combined with collaboration data where appropriate and permitted.

A basic survey might ask:

  • “Who do you go to for advice on secure ways of working?”

  • “Who do you trust to help you solve security-related issues quickly?”

  • “Who do you share good practices with in your team?”

The output is not a judgment of individuals. It is a system-level picture of how influence flows today, so you can design interventions that work with reality rather than assumptions.

What SNA reveals that the org chart cannot

Once you can “see” the network, you can diagnose predictable risks and opportunities.

1) Hidden influence and informal leadership

Some people have an outsized impact because others naturally consult them. They may not be managers or senior leaders, but they shape norms.

2) Bottlenecks and single points of failure

A network that depends on one or two central individuals will move fast at first, then slow down as those individuals become overloaded.

3) Silos and blind spots

If two business units rarely exchange advice, a good practice in one may never reach the other. Risk persists simply because the learning cannot travel.

4) Isolates and underserved teams

Some teams have few ties to knowledgeable peers. They often improvise, bypass controls, or develop local workarounds because support is not accessible.

5) Clusters where norms either embed or resist change

Tightly connected groups can be your best asset for habit formation, or your most significant barrier if a risky norm is socially reinforced.

Why structure and roles matter

SNA is valuable because it enables intentional network design. It helps you move from “a group of Champions” to “a Champion operating model”.

A role-based structure provides three benefits:

  1. Clear accountability for priority behaviours and outcomes

  2. A repeatable way to scale without overloading a few individuals

  3. A foundation for scientific practice, where Champions learn what works, for whom, and why

A practical role model for a mature Champion network

You do not need six job titles for every area. You need a small number of roles that match how networks work.

Role 1: Local Anchors

Purpose: Embed practices inside a team or function and act as the first line of support.
Best suited to: Trusted peers within a cluster who understand local workflows.
Value: Norm-setting, context translation, rapid feedback on friction and feasibility.

Role 2: Connectors

Purpose: Accelerate diffusion of new practices across the network.
Best suited to: People who naturally have many relationships across teams.
Value: Reach and speed. They reduce “time to norm” when rolling out practices.

Role 3: Brokers and Boundary Spanners

Purpose: Bridge silos and reduce friction between groups, such as security and delivery, engineering and operations, central and regional teams.
Best suited to: People who sit between communities and can translate language and priorities.
Value: They close gaps where risk hides, and they prevent local reinvention.

Role 4: Practice Leads (Behaviour Owners)

Purpose: Own one priority behaviour end to end. Examples: incident reporting, safe data sharing, secure configuration handling, reducing MFA fatigue behaviours.
Operating expectation: Diagnose barriers, design interventions, define measures, coordinate roll-out with Local Anchors and Brokers.
Value: Moves the programme from content to outcomes.

Role 5: Experiment Leads (Scientific Practitioners)

Purpose: Run small, ethical trials to identify which interventions produce measurable behaviour change in which contexts.
Operating expectation: Form hypotheses, run pilots, compare results across teams, document learning, and standardise successful practices.
Value: Builds an evidence base rather than relying on intuition.

Role 6: Measurement and Insight Leads

Purpose: Define behavioural indicators, curate data sources, and build dashboards that show outcomes and network health.
Operating expectation: Distinguish reach, engagement, adoption, and sustained behaviour.
Value: Prevents the programme being evaluated solely on outputs.

This structure is flexible. In smaller organisations, one person may hold multiple roles. In larger ones, roles may be distributed by geography or function.

The real upgrade: Champions as behavioural change practitioners

Awareness is not useless. It is just insufficient. Behaviour fails for many reasons that messaging alone cannot address:

  • Process friction and work pressure

  • Tool usability and confusing defaults

  • Social norms that reward speed over safety

  • Lack of prompts at the point of action

  • Unclear ownership of “secure ways of working”

A mature Champion network operates more like a change capability:

  1. Diagnose the behaviour and barriers in context

  2. Design interventions that address capability, opportunity, and motivation

  3. Test in small pilots rather than big campaigns

  4. Measure actual behaviour shifts, not just participation

  5. Scale what works using the network structure

  6. Sustain through norms, cues, and reinforcement

SNA makes this feasible because it helps you deploy the right people to the right behaviours in the right parts of the organisation. That is how you avoid a one-size-fits-all awareness approach.

How to start: a six-step playbook

  1. Select 3 to 5 priority behaviours linked to real risk outcomes (not broad themes).

  2. Run a lightweight network survey focused on advice and trust routes related to secure working.

  3. Map the network and identify connectors, brokers, clusters, and underserved teams.

  4. Assign roles intentionally and define expectations, time commitment, and escalation pathways.

  5. Move from campaigns to trials: run two to four small interventions per quarter with clear measures.

  6. Re-map periodically (for example quarterly or biannually) to monitor network health, coverage, and overload.

 

A note on trust, ethics, and psychological safety

Because SNA analyses relationships, you must handle it with care:

  • Be transparent about the purpose: improving support, not monitoring individuals.

  • Collect the minimum data required and anonymise reporting where possible.

  • Use insights to reduce friction and improve enablement, not to penalise people.

  • Maintain a psychologically safe environment where raising risks and near-misses is valued.

A Champion network only delivers influence if it is trusted.