Over recent decades, organisations have spent countless millions on information security awareness activities. The rationale behind this approach was to take their biggest asset: people, and change their behaviour, thus reducing risk, by providing them with knowledge of their responsibilities and what they need to do. But have these activities succeeded? Information gathered from ISF Members would tend to indicate not, or at least not fully.

The full report concludes that continuing to do more of the same is not an option; but neither is doing nothing. A new approach is required altogether if organisations want their people to become their strongest control. Leading ISF Members have started to adopt new approaches and are reaping the benefits.

Executive Summary

From Promoting Awareness to Embedding Behaviours: Secure by choice, not by chance

Please fill out the form below to download a complimentary Executive Summary.