Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Demystifying the EU AI Act
The EU AI Act, also known as the Artificial Intelligence Act, is the world’s first comprehensive piece of legislation directly governing artificial intelligence (AI). It comes into effect in 2025 and brings with it strict requirements. Its objective is to ensure the...
The Impact of Workload on Phishing Susceptibility: An Experiment
Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading malware. Research on phishing susceptibility has focused on personality traits, demographics, and design factors related to the presentation of phishing....
The Behavior Grid: 35 ways behavior can change
This paper presents a new way of categorizing behavior change in a framework called the Behavior Grid. This preliminary work shows 35 types of behavior along two categorical dimensions. To demonstrate the analytical potential for the Behavior Grid, this paper maps...
Employee behavior: the psychological gateway for cyberattacks
Purpose – Cyberattacks have become a major threat to small and medium-sized enterprises. Their prevention efforts often prioritize technical solutions over human factors, despite humans posing the greatest risk. This article highlights the importance of developing...
Who cares about cybersecurity awareness month?
We asked a thousand users. Here’s what they said… 1/4 of respondents are aware of Cybersecurity Awareness Month 60% of the people who do not participate in CAM think their organization sees cybersecurity as unimportant 80% of participants are concerned with personal...
Cybersecurity Awareness Month participants show 50% higher trust in employer’s security stance
A quarter of respondents are aware of the existence of Cybersecurity Awareness Month (CAM) Of those who participate in CAM, 93% believe their organization sees cybersecurity as an important issue, compared to just 60% of those who don’t participate CAM participants...
Free Cybersecurity Awareness Month Planning Tool
Free Cybersecurity Awareness Month Planning Tool Cybersecurity Awareness Month 2024 (CAM2024) is around the corner… FREE SECURITY AWARENESS PLANNING TOOLDownload our planning tool We’ve released our FREE Security Awareness Planning Tool. Use it to map activities to...
On demand webinar: Maturing SA&T programs into human risk management strategies
ON DEMAND WEBINARMaturing SA&T programs into human risk management strategies.Taking control of your security with HRM.2005 called. They want their security awareness & training (SA&T) program back. Traditional SA&T programs often focus on...
IMPACT 2024: The findings
WHITEPAPERIMPACT 2024: The findings A showreel of fresh insight from IMPACT 2024 Hosted by CybSafe, IMPACT is the free, annual event that shines a spotlight on the latest research into human factors and cybersecurity. Imagine a room (or two) full of the world's...
Demonstrating security awareness value to senior stakeholders
Getting management buy-in by telling “data stories” and articulating outcomes You’re here because you want to reduce human cyber risk. When you started out in this industry, you probably expected something like: reduce risk, enjoy success and glory. By now you know...
On demand webinar: Human risk factors in cybersecurity
ON DEMAND WEBINARHuman risk factors in cybersecurity Understanding people, to reduce people-related security risks Lots of things make people more or less susceptible to cyberattacks. Cybersecurity practitioners work hard to influence those things to bring down...
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of...
Human factors in remote work: examining cyber hygiene practices
The purpose of this paper is to investigate the cyber hygiene practices of remote workers. This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory,...
On demand webinar: Demonstrating security awareness value to senior stakeholders
ON DEMAND WEBINARDemonstrating security awareness value to senior stakeholders.An expert walk-through of turning basic metrics into senior buy-in.Are you fed up with throwing basic metrics (training completion rates, simulated phishing clicks) at your leadership team...
Forrester pronounces security awareness official. Now what?
Human risk management is…official!Reflections on Forrester’s Human Risk Management Solutions Landscape, Q1 2024Not another cybersecurity report!How we think about HRM matters (a lot).We’ve set the scene. Time to dig into the report.What makes CybSafe’s approach to HRM...
Banking on trust: How consumer banking behavior is swayed by security
Banking on trust: how consumer banking behavior is swayed by security. Cybersecurity posture influences bank choice for 1 in 5 consumers. Security. Loyalty. Persuading internal stakeholders to invest in cybersecurity can be mildly rage inducing. But it’s more than...
23% of people consider cybersecurity posture when choosing a bank, as customer expectations move beyond compliance
With 90% of data breaches expected to include the human element in 2024, consumers are holding banks responsible for their Human Risk Management. Boston, London, 4th April 2024—Almost a quarter (23%) of US and UK consumers have said that a bank’s approach to...
Leveraging situational judgment tests to measure behavioral information security
Situational Judgement Tests (SJTs) are a multidimensional measurement method commonly used in the context of employment decisions and widely researched in the field of industrial and organizational (I-O) psychology. However, the use of SJTs in the field of information...
Measuring technical and human factors of a large-scale phishing campaign
In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta’s users, offering a dual...
Information security Awareness: identifying gaps in current measurement tools
This paper describes the key role of information security awareness (ISA) in organizational attempts to comply with their information security policies and mandated frameworks and regulations. The design, implementation, and evaluation of Security Education Training,...
Information security culture: A look ahead at measurement methods
The information security culture field is a complex research area that does not currently have a standardized term, definition, and measurement process for organizations of various sizes, industries, and locations. While information security culture is still a...