This study used two techniques to ensure people accurately reported attitudes on information security in the workplace. A key finding was those who believed information security to be the responsibility of the organisation felt security risks to be overstated, whereas...The “streetlight effect”—originally less flatteringly referred to as the “drunkard’s search”—is a form of observational bias. It recognizes our tendency to look for solutions to problems where it’s easiest to find them, such as under a streetlight. In this article, we...Many organisations run security awareness programmes with the aim of improving end user behaviours around information security. Yet behavioural research tells us that raising awareness will not necessarily lead to behaviour change. In this paper we examine the...This whitepaper discusses human vulnerabilities in full, including what they are, why they occur, how they can be mitigated, the challenges of mitigation and potential areas for further research.