20th February 2020
We can now finally tell you about the ENISA report on "Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity", which was already announced in September 2018. Dr. Thomas Schlienger worked on this report last year, together with Professor Angela Sasse and Professor Adam Joinson.
To produce the report, the authors analysed scientific approaches to behavioural change in cybersecurity. The most commonly occurring models were poorly suited “for understanding, predicting, or changing cyber security behaviour” (1). Models that demonstrate constructive possibilities are more effective and useful than those that attempt to change behaviour through punishment or fear of threats. An ideal model sensitises and analyses organisations and points out intervention options, “to systematically plan and implement changes to address human aspects of cyber security” (2). Security specialists and management-level role models are important pillars of functioning cybersecurity. The process for improving security behaviour should be continuous and iterative. At the end of the report, the authors provide recommendations for different people in charge within a company.
TWISK Security Awareness Radar®, our "Organisational Behaviour Model", demonstrates how to analyse security culture in organisations at different levels and where to intervene. The model identifies specific points for improving cybersecurity culture. Experience shows that behaviour can be positively influenced if the working environment is also changed.
We would be delighted to advise you on our model and how you can achieve effective behavioural changes.
(1): Page 4, 2nd paragraph
(2): Page 4, 4th paragraph