Reimagining Security Awareness Training

Lead Participant: THINK CYBER SECURITY LTD

Abstract

"Cybersecurity is as much about people as it is about technology, with industry figures indicating that up to 90% of cyber-attacks start with a human user. Security Awareness (measures by which IT users are familiarised with cybersecurity risks) is therefore increasingly a cornerstone of enterprise security programmes. This trend is also driven by organisations' need to comply with relevant standards and regulations (e.g. ISO27001, EU NIS Directive) that include the need for security training.

The core problem that our proposed project addresses is the difficulty that enterprises face motivating staff to complete Security Awareness training and hence to comply with policy.

Our project seeks to do this via a human-centred research and design project to explore opportunities and innovate based on the needs and behaviours of both the staff who are the target audience of such training, and on the requirements of enterprise practitioners who are responsible for delivering the training to staff. Our project calls these objectives _RETHINK_ (staff engagement) and _REFRAME_ (practitioner engagement) respectively. Our aim is to generate new ideas for more effective and desirable (digital) products in this space."
