Over recent decades, organisations have spent countless millions on information security awareness activities. The rationale behind this approach was to take their biggest asset: people, and change their behaviour, thus reducing risk, by providing them with knowledge of their responsibilities and what they need to do. But have these activities succeeded? Information gathered from ISF Members would tend to indicate not, or at least not fully.

The full report concludes that continuing to do more of the same is not an option; but neither is doing nothing. A new approach is required altogether if organisations want their people to become their strongest control. Leading ISF Members have started to adopt new approaches and are reaping the benefits.

Executive Summary

From Promoting Awareness to Embedding Behaviours: Secure by choice, not by chance

Please fill out the form below to download a complimentary Executive Summary.

Please provide your details to download this document:

The Information Security Forum (ISF) is a data controller for the personal data collected on this website.

For information on how we collect and use your personal data, please read our Privacy Notice.

Please read and agree with our Terms Of Use.

From time to time, the ISF would like to contact you regarding our latest products, services and events.

By ticking the relevant boxes below, please indicate your preferences on how you want to be contacted:

You can update your preferences at any time, or withdraw consent after submission by going to the ‘Already Registered’ tab.

Please enter the email address you previously registered with to access the download:

You have previously downloaded from our website. For more information on how we use your personal information, please see our Privacy Notice.

Please refamiliarise yourself with our Terms Of Use.

To update your preferences on how you would like to be contacted by the ISF, please indicate below:

To unsubscribe from all ISF communications. Click here: