I don’t normally choose Phishing as a research topic because I think the literature is saturated with insights. However, I see that many companies struggle with a few important details when it comes to Phishing simulations: what is the optimal Phishing simulation click rate and what it entails; how to achieve the optimal Phishing simulation...
Perfecting your phish simulations — The 85% sweet spot for optimal learning
How to deal with individuals who repeatedly fail phishing simulations
In most companies, a small percentage of employees repeatedly fail phishing simulations. These “repeat responders” should be addressed through frequent phishing exercises to build muscle memory in identifying a phish. The cybersecurity team should work to identify what other resources are needed to reduce the tendency for repeat responders, i.e., identify process or technology updates...
How can you improve cyber security awareness in your organisation?
A short blog post on how the gamification of cyber security awareness campaigns can raise cyber security awareness and change organisational culture.
How to combat insider threat using behavioral science
Understanding human behaviour – and noticing an individual's deviation from an expected behaviour – can help prevent and mitigate insider threats.
Improving your security awareness campaigns: Examples from behavioral science
This short blog post suggests that cyber security awareness campaigns should not be run by IT but by human resources or standalone departments; that companies should quantify risks to guide cyber security investments; that awareness campaign effectiveness should be measured; and that the goals of awareness campaigns should be long-term behaviour change.