We know what works and what doesn’t when it comes to behaviour change.

At CybSafe, we’re building a future that reshapes the way organisations approach human cyber risks. We see science as an integral part of understanding human behaviour.

This is why we are equally committed to providing organisations with measurements, metrics, indicators and insights around their human cyber risk and also studying the science of cyber security. Science has been an integral part of CybSafe since day one. We recognise that the only way to know if we are achieving our goal of improving cyber security behaviour in organisations is to measure it.

That’s where research and analysis comes in. There are hundreds of cyber security companies focussing on human cyber risk, but CybSafe is one of the only ones committed to advancing the field of cyber security behavioural science.   In fact, we are one of the few organisations of our type with a dedicated behavioural science team focused on research and analysis.


Our work

Understanding the science of human behaviour is key to building a future that reshapes the way organisations approach human cyber risks and our Research and Analysis work is based on three key principles:

Insights and best practice from psychology to change behaviour

Scientifically evaluated to know what works in changing behaviour and why

People-centric so that people are both productive and secure at work

Meaningful Metrics for Human Cyber Risk image

Meaningful Metrics for Human Cyber Risk

In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.

Measuring Cyber Security Culture blog image

Measuring Cyber Security Culture

This whitepaper reveals how today’s security teams can build a secure culture. Following characteristically thorough research, lead author Dr. John Blythe explains why secure cultures are few and far between and how to build a secure culture in your organisation.

behaviour change whitepaper preview image

Behaviour Change whitepaper

In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.

Dr. John Blythe, CPsychol
Dr. John Blythe, CPsychol

Head of Behavioural Science

The CybSafe Research & Analysis Team have been designing and delivering behaviour change for nearly a decade. They focus on using behavioural science to reshape the way organisations approach human cyber risks. The team comprises of researchers with backgrounds in psychology, cyber security and cybercrime.

The team is led by Dr John Blythe, our Head of Behavioural Science, who is a Chartered Psychologist with the British Psychological Society and an Honorary Research Fellow at the UCL Dawes Centre for Future Crime. John has a PhD in the psychology of cyber security and prior to CybSafe, worked for a number of universities including the Centre for Behaviour Change at University College London leading on human aspects of cyber security projects. He was also a behavioural scientist at the Department for Digital, Culture, Media and Sport advising on behaviour change strategy for cyber security and co-wrote the recent “Secure by Design: Improving the cyber security of consumer Internet of Things” policy review.   

Research Collaborations

Our product is developed and maintained through research and in collaboration with world-renowned academic research partners. We want to protect people online by building the best product we can whilst also contributing to academic knowledge and government policy.  Only through collaboration and policy impact can we help to address the wicked problem of cyber security and keep people, businesses and nations safe online.


CybSafe collaborates with a number of academic institutions (UCL, University of Bath, University of Bristol, Bournemouth University, University of Kent and Northumbria University). Here is some of the work we currently lead on or are involved in:


Simulated Phishing and Employee Cyber security behaviour (SPEC) is led by CybSafe in conjunction with the University of Bath. Funded by the Centre for Research and Evidence on Security Threats the project explores the impact of simulated phishing emails on employee awareness and work-based outcomes such as productivity and trust. Read more about the project here


PHISHTRAY is a modifiable open source e-tray software for research and training applications related to social engineering for use in academia and industry. Funded by CPNI and developed by behavioural scientists from the University of Bath and University of Bristol in conjunction with CybSafe.


Gentle Interventions for Security led by Dr. Emily Collins at the University of Bath is developing and evaluating “gentle interventions” using ambient displays, across the home and workplace, to create healthy and habitual cyber security behaviours.

Dawes Centre for Future Crime

The Dawes Centre for Future Crime part of the Security and Crime Science department at UCL.identifies emerging crime threats that arise from greater internet connectedness and works towards delivering pre-emptive interventions for the benefit of society.


The SPRITE+ hub brings together people involved in research, practice, and policy relevant with a focus on digital contexts. We are are a project partner helping to identify the future challenges of security, privacy, identity & trust in the digital world.

University of Kent

Led by Dr. Jason Nurse and starting in Summer 2020, we will be supporting a PhD programme exploring the cyber security issues faced by technology users in the home environment with a focus on behaviour change interventions for different home users (such as adults, teenagers) with emerging Internet of Things  technology,


The PETRAS Internet of Things Research Hub is a consortium of nine leading UK universities which explore critical issues in privacy, ethics, trust, reliability, acceptability, and security related to Internet of Things technology. We currently support the Consumer Security Index project, exploring labelling schemes for consumer products and the Cyber Hygiene project, exploring behaviour change  interventions for cyber security behaviour.


CybSafe is an associate partner of the Centre for Research and Evidence on Security Threats a national hub delivering world-class, interdisciplinary portfolio of activity maximising the value of behavioural and social science research to understanding, mitigating and countering threats to national security.

Government and regulators

We are supporting the FCA and the financial services sector by facilitating discussion and leading exploration into how firms should measure, address and report on people-centric cyber security risk and resilience (awareness, behaviour and culture) within their organisations.

We are working with the Cyber Security and Data Protection Directorate on improving cyber resilience in UK organisations.

The socio-tech group within of NCSC focus on how technology interacts with people, process and technology. We are working with NCSC on people-centric security and their awareness and behaviour change guidance.

Research Advisory Group

We strive to make sure that we are doing the best work possible.  As such, we have a Research Advisory Group, comprising of leading cyber security experts, who provide independent high-level strategic advice and input into the development of the Research and Analysis activities conducted at CybSafe.

Prof. Adam Joinson

Prof. Adam Joinson conducts inter-disciplinary research on the interaction between human behaviour and technology, he is programme lead for the national Centre for Research and Evidence on Security Threats, as well as, running funded projects on individual susceptibility to malevolent influence techniques (e.g. phishing), communication accommodation, and behaviour change and technology.

Prof. Lynne Coventry

Prof. Lynne Coventry is the Director of PaCT (Psychology and Communication Technology) at Northumbria University. She is an applied researcher who is keen to explore new ways of integrating psychology into design and technology development processes.

Prof. Shane Johnson

Prof. Shane Johnson is the Director of the Dawes Centre for Future Crime at UCL. He has worked within the fields of criminology and forensic psychology for two decades, and his research has explored how methods from other disciplines can inform understanding of crime and security issues.

Dr. Emily Collins

Dr. Emily Collins is a behavioural scientist in the Applied Digital Behaviour Lab at the University of Bath. With a background in Psychology and Human Computer Interaction, Emily specialises in cross-disciplinary research focusing on how technology can support and benefit users, especially in relation to cyber security behaviours.

Dr. Jason Nurse

Dr. Jason Nurse is an Asst. Professor in Cyber Security at the University of Kent. He is also a Visiting Academic at the University of Oxford and a Visiting Fellow in Defence and Security at Cranfield University. His research investigates the human and psychological aspects of cyber security, privacy and trust

Dr. Emma Williams

Dr. Emma Williams is a Chartered Scientist, Chartered Psychologist and Associate Fellow of the British Psychological Society. She has particular expertise in the area of online behaviour and human aspects of cyber security and cyber crime, using a range of research methods to investigate these areas.

NCSC Researcher

A senior researcher from NCSC’s Sociotechnical Security Group

Resources & Events

Resources Centre

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.

Find out more

Sabs4cyber: Social and Behavioural Science for Cyber Security Conference

We are proud to support and host this incredible community and event here at Level39. It highlights the contributions social and behavioural science can make to cyber security challenges. SABS4CYBER showcases the latest research, provides facilitated networking opportunities, and is a forum to explore future social and behavioural science research directions in cyber security.

Find out more

PeepSec 2019

The PeepSec Summit is an official London Tech Week event and takes place during the week itself. It is an online summit, is 100% free for delegates, and is the only one of its kind focused exclusively on the human aspect of cyber security and privacy. Its aim is to spread ideas and concepts that positively reinforce the secure connection between people and technology, whilst exploring the important issues that arise as our society evolves to become more digitised, interconnected and interdependent.

Find out more