It’s time to rethink security awareness
Most organisations are doing everything they’re supposed to. Security awareness training is delivered, campaigns are running, and phishing simulations are in place.
But when incidents happen, the same patterns keep appearing: employees clicking convincing phishing emails, sharing sensitive data in the wrong place, or falling for impersonation attempts that feel completely legitimate. The problem isn’t effort; it’s the model.
This research report, based on insights from 200 CISOs across Europe, explores why traditional security awareness programmes are falling short, and what needs to change to actually reduce human cyber risk.


Who this report is for
This report is designed for organisations looking to move beyond traditional awareness programmes and take a more strategic approach to human cyber risk.
It’s particularly relevant for:
- CISOs and security leaders responsible for managing human risk
- IT and security teams looking to improve awareness effectiveness
- HR, compliance and L&D teams shaping employee behaviour and culture
- Senior leaders who need clearer visibility into cyber risk and ROI
If you’re responsible for reducing risk, influencing behaviour, or proving the impact of security initiatives, this report will give you a clear path forward.


Make Security Awareness Work
Take the next step. Move beyond awareness.
Shift to a risk-led approach, influence real behaviour, and start reducing human cyber risk with MetaCompliance.



