ABOUT CYBSAFE SCIENCE AND RESEARCH
We know what works and what doesn’t when it comes to behavior change.
At CybSafe, we’re building a future that reshapes the way organizations approach human cyber risks.
We see science as an integral part of understanding human behavior.
There are hundreds of cybersecurity companies focussing on human cyber risk, but CybSafe is one of the only ones committed to advancing the field of cyber security behavioral science. In fact, we are one of the few organizations of our type with a dedicated behavioral science team focused on research and analysis.
The CybSafe Science & Research Team have been designing and delivering behavior change for nearly a decade. They focus on using behavioral science to reshape the way organizations approach human cyber risks. The team comprises researchers with backgrounds in psychology, cybersecurity and cybercrime.
Our work
Understanding the science of human behavior is key to building a future that reshapes the way organizations approach human cyber risks and our Research and Analysis work is based on three key principles:
Insights and best practice from psychology to change behavior
Scientifically evaluated to know what works in changing behavior and why
People-centric so that people are both productive and secure at work
Gartner® 5 Communications Tactics to Get People to Take Cyber Risk More Seriously
CybSafe is proud to bring you cutting-edge research in cybersecurity. We’re highlighting a valuable report, Gartner® How to Make Your Cybersecurity Program More Defensible to Stakeholders.
Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024-2025
How much does attitude impact behavior— and increase cyber security risk? To answer that question check our annual cybersecurity report
2024 Gartner®, The Security and Risk Management Leader’s Guide to the SEC Disclosure Rules
CybSafe is proud to bring you cutting-edge research in cybersecurity. We’re highlighting a valuable report, Gartner® How to Make Your Cybersecurity Program More Defensible to Stakeholders.
2024 Gartner®, How to Make Your Cybersecurity Program More Defensible to Stakeholders
CybSafe is proud to bring you cutting-edge research in cybersecurity. We’re highlighting a valuable report, Gartner® How to Make Your Cybersecurity Program More Defensible to Stakeholders.
Who cares about cybersecurity awareness month?
We asked a thousand users. Here’s what they said… 1/4 of respondents are aware of Cybersecurity Awareness Month 60% of the people who do not participate in CAM think their organization sees...
IMPACT 2024: The findings
Hosted by CybSafe, IMPACT is the free, annual event that shines a spotlight on the latest research into human factors and cybersecurity.
Imagine a room (or two) full of the world’s leading security minds, all dissecting the human side of cybersecurity.
This report is your cheat sheet to the biggest takeaways in human cyber risk. No fluff, just the juicy bits.
Research Collaborations
Our product is developed and maintained through research and in collaboration with world-renowned academic research partners. We want to protect people online by building the best product we can whilst also contributing to academic knowledge and government policy. Only through collaboration and policy impact can we help to address the wicked problem of cybersecurity and keep people, businesses and nations safe online.
Projects
The team collaborates with a number of academic institutions (University of Bath, University of Bristol, Cardiff University, University of Kent and Northumbria University). Here is some of the work we currently lead on or are involved in:
Cyber Security Quirks
Cyber Security Quirks is funded by the Home Office and part of the Research Institute in Sociotechnical Cyber Security. The project explores the role of personalisation in cyber security behaviour interventions by taking account of individual variability.
SPEC
Simulated Phishing and Employee Cyber security behaviour (SPEC) is led by CybSafe in conjunction with the University of Bath. Funded by the Centre for Research and Evidence on Security Threats the project explores the impact of simulated phishing emails on employee awareness and work-based outcomes such as productivity and trust. Read more about the project here.
PHISHTRAY
PHISHTRAY is a modifiable open source e-tray software for research and training applications related to social engineering for use in academia and industry. Funded by CPNI and developed by behavioural scientists from the University of Bath and University of Bristol in conjunction with CybSafe.
EPSRC
AP4L is a 3-year program of interdisciplinary research, centring on the online privacy & vulnerability challenges that people face when going through major life transitions. Our central goal is to develop privacy-by-design technologies to protect & empower people during these transitions.
CREST
CybSafe is an associate partner of the Centre for Research and Evidence on Security Threats a national hub delivering world-class, interdisciplinary portfolio of activity maximising the value of behavioural and social science research to understanding, mitigating and countering threats to national security.
PETRAS
The PETRAS Internet of Things Research Hub is a consortium of nine leading UK universities which explore critical issues in privacy, ethics, trust, reliability, acceptability, and security related to Internet of Things technology. We currently support the Consumer Security Index project, exploring labelling schemes for consumer products and the Cyber Hygiene project, exploring behaviour change interventions for cyber security behaviour.
University of Kent
Led by Dr. Jason Nurse and starting in Summer 2020, we will be supporting a PhD programme exploring the cyber security issues faced by technology users in the home environment with a focus on behaviour change interventions for different home users (such as adults, teenagers) with emerging Internet of Things technology,
Research Institute in Science of Cyber Security
The Research Institute in Science of Cyber Security is the UK’s first academic Research Institute to focus on understanding the overall security of organisations, including their constituent technology, people and processes. It is now in its second phase.
SPRITE+ hub
The SPRITE+ hub brings together people involved in research, practice, and policy relevant with a focus on digital contexts. We are are a project partner helping to identify the future challenges of security, privacy, identity & trust in the digital world.
Safe as Houses: TIPS in Home Office Environments
As a result of COVID-19, many workplaces had to suddenly transition to remote working, despite a lack of training, remote-working policies, or in some cases, work devices. Coupled with the pressures of working from home in this context (e.g. childcare, impaired work-life balance), this new way of working has changed the risks and challenges surrounding workplace Trust, Identity, Privacy and Security (TIPS). This is exacerbated even further with the increase in cyberattacks specifically targeting remote workers. This work will therefore aim to explore and identify these issues, taking a socio-technical approach and focusing on small and large organisations. Our goal is to provide key, novel insights into the new challenges and tensions in relation to TIPS in these environments, and thereby provide the much-need foundation for approaches to address these issues.
Read more about the project.
Government and regulators
We are supporting the FCA on guidance regarding how firms should measure, address and report on cyber awareness and culture risk within their organisations.
The sociotechnical group of NCSC focuses on how technology interacts with people, process and technology. We are working with NCSC on people-centric security and their awareness and behavior change guidance.
We are working with the Cyber Security and Data Protection Directorate on improving cyber resilience in UK organizations.
Research Advisory Group
We strive to make sure that we are doing the best work possible. As such, we have a Research Advisory Group, comprising of leading cyber security experts, who provide independent high-level strategic advice and input into the development of the Research and Analysis activities conducted at CybSafe.
Prof. Adam Joinson
Prof. Adam Joinson conducts inter-disciplinary research on the interaction between human behaviour and technology, he is programme lead for the national Centre for Research and Evidence on Security Threats, as well as, running funded projects on individual susceptibility to malevolent influence techniques (e.g. phishing), communication accommodation, and behaviour change and technology.
Prof. Lynne Coventry
Prof. Lynne Coventry is the Director of PaCT (Psychology and Communication Technology) at Northumbria University. She is an applied researcher who is keen to explore new ways of integrating psychology into design and technology development processes.
Prof. Shane Johnson
Prof. Shane Johnson is the Director of the Dawes Centre for Future Crime at UCL. He has worked within the fields of criminology and forensic psychology for two decades, and his research has explored how methods from other disciplines can inform understanding of crime and security issues.
Dr. Jason Nurse
Dr. Jason Nurse chairs the Advisory Group and is the Director of Science of Research at CybSafe. Dr Nurse is also a Reader in Cyber Security at the University of Kent. His research investigates the human and psychological aspects of cyber security, privacy and online trust.
NCSC Researcher
A senior researcher from NCSC’s Sociotechnical Security Group
Resources & Events
Research library
IMPACT 2023
