Dive into practical advice, research findings, and expert perspectives on building security-aware cultures. Explore evidence-based strategies to strengthen your organization's human security posture.
Moltbook is making headlines. It looks like Reddit, but AI agents are doing the posting, commenting, and upvoting while humans are mostly just watching. In just four days, it's captured attention because of the sheer novelty: agent-to-agent interaction at scale, complete with playful collective narratives and what look like emergent "belief systems."
Read ArticleResearch in organisational behaviour consistently demonstrates that strategic positioning of change agents within social networks significantly accelerates behaviour adoption. Studies show that when change agents are positioned at network connection points and among opinion leaders, behaviour spread occurs 2-3 times faster than random distribution. Yet most Security Champions programmes ignore this evidence, recruiting volunteers without considering their network position.
Read ArticleThe cybersecurity industry has spent two decades trying to "change culture" through awareness training, phishing simulations, and policy mandates. The results speak for themselves: human factors remain implicated in over 70% of breaches, and most organisations report little meaningful improvement despite significant investment. The problem isn't effort. It's the sequence.
Read ArticleSecurity Champions programmes are growing. That is the good news. The harder truth is that many programmes plateau after the initial enthusiasm. Champions attend calls, share comms, complete training, and we still see a lot of the same risky behaviours keep surfacing. This article sets out a modern, practical model for helping champion networks to be more effective agents of behaviour
Read ArticleIf you are looking for a single, high-leverage move to strengthen your security culture in 2026, build (and genuinely enforce) a cyber psychological safety policy. Not a poster. Not a slogan. A clear organisational mandate that tells your people, in plain terms, that raising security concerns, reporting mistakes, and admitting uncertainty will be met with fairness, support, and learning, not blame.
Read ArticleWhile organisations worldwide struggle with a well-documented skills shortage, we simultaneously lack a comprehensive framework that addresses the human and behavioural dimensions of cyber risk management. Technical certifications abound - from CISSP to CEH - but where are the frameworks that guide professionals working at the intersection of human behaviour, psychology, and cybersecurity?
Read ArticleThis article explores what secure and ethical behaviour looks like in an era of agentic AI, how human and AI behaviours intersect, and what you can do to promote safe, responsible use across your organisation. The focus is practical: helping you support innovation while keeping security, safety, and ethics firmly in view.
Read ArticleThe rise of artificial intelligence has been compared to the invention of electricity, the printing press, even the internet itself. But unlike those revolutions, AI doesn’t just extend our capabilities, it begins to mirror them. As we edge closer to the idea of the Singularity – a tipping point where machine intelligence accelerates beyond human control, the most pressing risks won’t come from code alone. They’ll come from us.
Read ArticlePart five of a seven-part series unpacking how the behavioural science concept of choice architecture can be woven into IT architecture, UX/UI, and development lifecycles to nudge, guide, and default users toward secure behaviours – without relying solely on training or policy. Each article will blend behavioural science, secure-by-design principles, and practical application in the technology lifecycle.
Read ArticleDespite years of simulations and mandatory e-learning, phishing continues to succeed. Why? Because too many organisations treat phishing simulations as a one-off training exercise rather than a behavioural challenge. Clicking “next” on an annual training module doesn’t rewire the habits and decision-making shortcuts that attackers exploit every day.
Read ArticleBeneath the firewalls and encryption layers lies a far older human force: our need to belong. This drive for group identity, which has shaped societies for millennia, now shapes how we behave online. This is where cybersecurity meets anthropology, a lens that helps us understand why people in digital spaces form “cyber tribes” and how these tribal affiliations influence behaviours, risk perception, and even compliance with security practices.
Read ArticleIn the first three blogs of this series, we looked at the foundations of choice architecture, the power of secure defaults, and how UX nudges can guide people toward safer decisions. But here’s the challenge: unless these principles are baked into the way we build technology, they risk becoming afterthoughts, nice-to-have features that get dropped when deadlines bite. That’s why the next step is embedding choice architecture into the Software Development Lifecycle (SDLC) itself.
Read Article