Explore cutting-edge research findings, thought leadership, and expert perspectives that bridge the gap between behaviour and cybersecurity. Our Insights hub brings together evidence-based analysis, practitioner experiences, and emerging trends to help you understand why people act the way they do, and how behavioural science can be applied to build safer digital habits, stronger security cultures, and more resilient organisations.
When organisations punish people for security mistakes, they rarely eliminate the behaviour. Instead, they drive it out of sight. Incidents are quietly fixed, near misses are brushed aside and critical warning signs never reach the teams that could act on them. The result is not a safer organisation, but a more fragile one. On the surface, everything looks calm. Underneath, unreported breaches, workarounds and vulnerabilities accumulate until something finally breaks in full view.
Read InsightEighty-two per cent of security breaches involve a human element. Yet when asked how they measure security culture, most organisations point to training completion rates. This disconnect reveals a fundamental problem: we're measuring activity rather than outcomes, compliance rather than culture. It's rather like measuring physical fitness by counting gym visits instead of actual health indicators. You might have perfect attendance, but are you actually getting fitter?
Read InsightThe cybersecurity industry has a measurement problem. We measure training completion rates, phishing click rates, and incident response times. We track vulnerability patches and compliance scores. Yet organisations with perfect scores on these metrics still suffer catastrophic breaches driven by human behaviour. The disconnect is stark: we're measuring activity, not understanding or change.
Read Insight