At CybSafe, we don’t just
believe in evidence — we build with it.

But our obsession with science, research, and the evidence base goes well beyond
our product.

Our mission is to transform the way society addresses the human aspect of cybersecurity. That’s why every nudge, every workflow, every line of code is increasingly grounded in data, tested hypotheses, and continuous learning loops. Because when human behavior is the risk, guesswork isn’t just ineffective, it’s irresponsible and leads to stagnation.




At the heart of this vision is CybSafe’s dedicated Science and Research team. They focus on using behavioral science, cyberpsychology, data analytics, and artificial intelligence (including Generative AI and LLMs) to reshape the way organizations approach human cyber risk.

The team comprises researchers with backgrounds in psychology, cybersecurity, and computing, and experience in designing and delivering behavior change for more than two decades. 



While hundreds of companies focus on human cyber risk, CybSafe is unique. We are one of the few organizations with a dedicated team of researchers and scientists committed to advancing the field of science and research in cybersecurity behaviors and leveraging AI to responsibly achieve it.

This ensures that CybSafe is more than a product. It’s an evidence-based, adaptive security layer that will scientifically and systematically reshape how organizations, and ultimately society, manage human risk.

Our work


Understanding the science of human behavior is key to building a future that reshapes the way organizations approach human cyber risk. Our research and innovation work is based on four key principles:

Insights and best practice from psychology to change behavior
Responsibly leveraging AI and LLMs to drive innovation in the human aspect of cybersecurity space
Scientifically evaluated to know what works in changing behavior and why
People-centric so that people are both productive and secure at work
This is some text inside of a div block.
Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2025-2026

We surveyed 7000 people to reveal how attitudes and behaviors shape security risk.

This is some text inside of a div block.
Rebooting risk: Human Risk Management’s debate, definitions, and direction of travel

Human Risk Management’s debate, definitions, and direction of travel.

This is some text inside of a div block.
Nudging: The (gentle) art of persuasion

Unlock the power of nudging for cybersecurity: a guide for security leaders and practitioners.

This is some text inside of a div block.
IMPACT 2025: The findings

Hosted by CybSafe, IMPACT is the free, annual event that shines a spotlight on the latest research into human factors and cybersecurity. Imagine a room (or two) full of the world’s leading security minds, all dissecting the human side of cybersecurity. This IMPACT 2025 report is your cheat sheet to the biggest takeaways in human cyber risk. No fluff, just the juicy bits.

This is some text inside of a div block.
2025 security awareness predictions

What the industry pros predict, and how to stay on the front foot.

This is some text inside of a div block.
Gartner® 5 Communications Tactics to Get People to Take Cyber Risk More Seriously

Research collaborations


Our product is developed and maintained through research and in collaboration with world-renowned academic research partners. We want to protect people online by building the best product we can, whilst also contributing to academic knowledge and government policy.

Only through collaboration and policy impact can we help to address the wicked problem of cybersecurity and keep people, businesses, and nations safe online.

Projects

The team collaborates with several universities (Bath, Bristol, Cardiff, Kent, and Northumbria). Here is some of the work we currently lead on or are involved in:

Cyber Security Quirks
Cyber Security Quirks is funded by the Home Office and part of the Research Institute in Sociotechnical Cyber Security. The project explores the role of personalisation in cyber security behaviour interventions by taking account of individual variability.
SPEC
Simulated Phishing and Employee Cyber security behaviour (SPEC) is led by CybSafe in conjunction with the University of Bath. Funded by the Centre for Research and Evidence on Security Threats the project explores the impact of simulated phishing emails on employee awareness and work-based outcomes such as productivity and trust. Read more about the project here.
PHISHTRAY
PHISHTRAY is a modifiable open source e-tray software for research and training applications related to social engineering for use in academia and industry. Funded by CPNI and developed by behavioural scientists from the University of Bath and University of Bristol in conjunction with CybSafe.
AP4L
AP4L is a 3-year program of interdisciplinary research, centring on the online privacy & vulnerability challenges that people face when going through major life transitions. Our central goal is to develop privacy-by-design technologies to protect & empower people during these transitions.
CREST
CybSafe is an associate partner of the Centre for Research and Evidence on Security Threats a national hub delivering world-class, interdisciplinary portfolio of activity maximising the value of behavioural and social science research to understanding, mitigating and countering threats to national security.
PETRAS
The PETRAS Internet of Things Research Hub is a consortium of nine leading UK universities which explore critical issues in privacy, ethics, trust, reliability, acceptability, and security related to Internet of Things technology. We currently support the Consumer Security Index project, exploring labelling schemes for consumer products and the Cyber Hygiene project, exploring behaviour change  interventions for cyber security behaviour.
University of Kent
Led by Dr. Jason Nurse and starting in Summer 2020, we will be supporting a PhD programme exploring the cyber security issues faced by technology users in the home environment with a focus on behaviour change interventions for different home users (such as adults, teenagers) with emerging Internet of Things  technology,
Research Institute for Sociotechnical Cyber Security
The Research Institute for Sociotechnical Cyber Security is the UK’s first academic Research Institute to focus on understanding the overall security of organisations, including their constituent technology, people, and processes. It is now in its second phase.
SPRITE+ hub
The SPRITE+ hub brings together people involved in research, practice, and policy relevant with a focus on digital contexts. We are are a project partner helping to identify the future challenges of security, privacy, identity & trust in the digital world.
Safe as Houses: TIPS in Home Office Environments
As a result of COVID-19, many workplaces had to suddenly transition to remote working, despite a lack of training, remote-working policies, or in some cases, work devices. Coupled with the pressures of working from home in this context (e.g. childcare, impaired work-life balance), this new way of working has changed the risks and challenges surrounding workplace Trust, Identity, Privacy and Security (TIPS). This is exacerbated even further with the increase in cyberattacks specifically targeting remote workers. This work will therefore aim to explore and identify these issues, taking a socio-technical approach and focusing on small and large organisations. Our goal is to provide key, novel insights into the new challenges and tensions in relation to TIPS in these environments, and thereby provide the much-need foundation for approaches to address these issues.

Government and regulators

The team works with government bodies and regulators to advance people-centred security and cyber resilience.

Financial Conduct Authority (FCA)
We are supporting the FCA on guidance regarding how firms should measure, address and report on cyber awareness and culture risk within their organisations.
National Cyber Security Centre (NCSC)
The sociotechnical group of NCSC focuses on how technology interacts with people, process and technology. We are working with NCSC on people-centric security and their awareness and behavior change guidance.
Department for Science, Innovation and Technology (DSIT)
We are working with the Cyber Security and Data Protection Directorate on improving cyber resilience in UK organizations.

Research Advisory Group

We strive to make sure that we are doing the best work possible.  As such, we have a Research Advisory Group, comprising of leading cyber security experts, who provide independent high-level strategic advice and input into the development of the Research and Analysis activities conducted at CybSafe.

Prof. Adam Joinson
Prof. Adam Joinson conducts inter-disciplinary research on the interaction between human behaviour and technology, he is programme lead for the national Centre for Research and Evidence on Security Threats, as well as, running funded projects on individual susceptibility to malevolent influence techniques (e.g., phishing), communication accommodation, and behaviour change and technology.
Prof. Lynne Coventry
Prof. Lynne Coventry is the Director of PaCT (Psychology and Communication Technology) at Northumbria University. She is an applied researcher who is keen to explore new ways of integrating psychology into design and technology development processes.
Prof. Shane Johnson
Prof. Shane Johnson is the Director of the Dawes Centre for Future Crime at UCL. He has worked within the fields of criminology and forensic psychology for two decades, and his research has explored how methods from other disciplines can inform understanding of crime and security issues.
Dr. Jason Nurse (Chair of Advisory Group)
Dr. Jason Nurse chairs the Advisory Group and is the Director of Science of Research at CybSafe. Dr Nurse is also a Reader in Cyber Security at the University of Kent. His research investigates the human and psychological aspects of cyber security, privacy and online trust.
Dr. Suzie Dobrontei, CPsychol
Dr. Suzie Dobrontei is a chartered social psychologist, former university lecturer, and Behavioral Scientist at CybSafe. She’s researched and taught social processes, group dynamics and human factors in cyber security for eight years.
NCSC Researcher
A senior researcher from NCSC’s Sociotechnical Security Group.

Resources & events

SebDB
SebDB is the world’s first AI-powered, open-source security behavior database. It forms the foundation of a fast-evolving behavioral ontology for cybersecurity.Designed and maintained by CybSafe’s Science and Research team as an open-source research initiative, SebDB maps security behaviors to impacts, threat actor tactics, intervention strategies, and security frameworks like MITRE ATT&CK and NIST CSF. It brings structure, meaning, and actionability to human cyber risk, something long overlooked or misunderstood in security programs. Find out more
The IMPACT conference
IMPACT is about facilitating discussion and collaboration between academia and industry. And it’s about the latest academic research on the human aspect of cybersecurity. World leading-academic experts will discuss the latest research implications for policy and practice. Find out more
Research library
The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change. Find out more

Research publications

Nurse, J. R. C., Milward, J., & Alashe, O. (2025). From Security Awareness and Training to Human Risk Management in Cybersecurity. In International Conference on Human-Computer Interaction (pp. 86-104). Cham: Springer Nature Switzerland.
Nurse, J. R. C., Williams, N., Collins, E., Panteli, N., Blythe, J., & Koppelman, B. (2021). Remote working pre-and post-COVID-19: an analysis of new threats and risks to security and privacy. In International Conference on Human-Computer Interaction (pp. 583-590). Cham: Springer International Publishing.
Blythe, J. M., Gray, A., & Collins, E. (2020). Human cyber risk management by security awareness professionals: Carrots or sticks to drive behaviour change?. In International conference on human-computer interaction (pp. 76-91). Cham: Springer International Publishing.
Blythe, J. M., Sombatruang, N., & Johnson, S. D. (2019). What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?. Journal of Cybersecurity, 5(1).
Behavioral security,
AI-powered

CybSafe is the adaptive Human Risk Management platform that helps security teams reduce risky behaviors at scale.

About
About usLatest releasesAbout Science & ResearchContact us
Other
Partner portalLegalCareersSupportCybStore
ACCREDITATIONS
Copyright © 2025 CybSafe Ltd. All rights reserved.
Privacy notice
Cookies policy
Terms of website useAccessibility