Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Human factors in remote work: examining cyber hygiene practices
The purpose of this paper is to investigate the cyber hygiene practices of remote workers. This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory,...
On demand webinar: Demonstrating security awareness value to senior stakeholders
ON DEMAND WEBINAR: Demonstrating security awareness value to senior stakeholders. An expert walk-through of turning basic metrics into senior buy-in. Are you fed up with throwing basic metrics (training completion rates, simulated phishing clicks) at your leadership team...
Forrester pronounces security awareness official. Now what?
Human risk management is…official! Reflections on Forrester’s Human Risk Management Solutions Landscape, Q1 2024. Not another cybersecurity report! How we think about HRM matters (a lot). We’ve set the scene. Time to dig into the report. What makes CybSafe’s approach to HRM...
Banking on trust: How consumer banking behavior is swayed by security
Banking on trust: how consumer banking behavior is swayed by security. Cybersecurity posture influences bank choice for 1 in 5 consumers. Security. Loyalty. Persuading internal stakeholders to invest in cybersecurity can be mildly rage inducing. But it’s more than...
23% of people consider cybersecurity posture when choosing a bank, as customer expectations move beyond compliance
With 90% of data breaches expected to include the human element in 2024, consumers are holding banks responsible for their Human Risk Management. Boston, London, 4th April 2024—Almost a quarter (23%) of US and UK consumers have said that a bank’s approach to...
Leveraging situational judgment tests to measure behavioral information security
Situational Judgement Tests (SJTs) are a multidimensional measurement method commonly used in the context of employment decisions and widely researched in the field of industrial and organizational (I-O) psychology. However, the use of SJTs in the field of information...
Measuring technical and human factors of a large-scale phishing campaign
In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta’s users, offering a dual...
Information security awareness: identifying gaps in current measurement tools
This paper describes the key role of information security awareness (ISA) in organizational attempts to comply with their information security policies and mandated frameworks and regulations. The design, implementation, and evaluation of Security Education Training,...
Information security culture: A look ahead at measurement methods
The information security culture field is a complex research area that does not currently have a standardized term, definition, and measurement process for organizations of various sizes, industries, and locations. While information security culture is still a...
Measuring the security culture in organizations: a systematic overview of existing tools
There has been an increase in research into the security culture in organizations in recent years. This growing interest has been accompanied by the development of tools to measure the level of security culture in order to identify potential threats and formulate...
A systematic review of scales for measuring information security culture
Purpose – The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on organizational security. Different measurement instruments have been developed to measure...
The human factor in phishing: collecting and analyzing user behavior when reading emails
Phishing emails are constantly increasing their sophistication, and typical countermeasures struggle at addressing them. Attackers target our cognitive vulnerabilities with a varied set of techniques, and each of us, not trained enough or simply in the wrong moment,...
Exploring the evidence for email phishing training: A scoping review
Background: Phishing emails are a pervasive threat to the security of confidential information. To mitigate this risk, a range of training measures have been developed to target the human factors involved in phishing email susceptibility. Despite the widespread use of...
Knowledge articulation: the secret sauce in GenAI for security awareness
How knowledge articulation in GenAI supports security awareness, learning, and collaboration—and how to fully unlock its potential. GenAI models like ChatGPT, Google Gemini, and DALL-E are wowing the world with their content creation powers. Many of us don't realize...
How do professionals assess security risks in practice? An exploratory study
There are a number of standards and frameworks for security risk assessment; however, it appears that their application and adaptation to real organisational practices are rather limited. This paper reports some results from inquiries into risk assessment practices of...
Fortifying healthcare: An action research approach to developing an effective SETA program
Organizations continue to use security education training and awareness (SETA) programs to reduce the number of cybersecurity incidents related to phishing. A large healthcare organization contacted the authors to share that they continued to struggle with the...
How to keep your information secure? Toward a better understanding of users security behavior
Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two...
A systematic review of current cybersecurity training methods
Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way...
A taxonomy of SETA methods and linkage to delivery preferences
Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA...
Habit
This paper discusses three distinct concepts related to habits: the differences between habitual and non-habitual states of consciousness; a hierarchy of habits; and the development of habits which depends on repetition, attention, intensity of the experience, and the...
GenAI for security awareness: Can GenAI’s predictive analytics transform tired training?
Content creation is just one piece of the puzzle. If you’re using GenAI for security awareness content, you need the adaptive advantage… Everyone's talking about GPT (and not much else). It’s no secret. We’re at the start of a Generative AI (GenAI) revolution. GenAI...