NEW: Clarity Factory launches Security Culture research project sponsored by the ASIS Foundation

The Clarity Factory is pleased to announce a new research project on Security Culture sponsored by the ASIS Foundation.

Security culture is gaining prominence. While there is much that organisations do through technology and systems to protect and defend themselves from physical and cyber security breaches, human behaviour is critical. For example, human error surpassed technological flaws as a contributing factor to data breaches in 2024, with 95% of breaches involving human mistakes, according to Mimecast’sState of Human Risk Report

Building and sustaining an effective security culture is made difficult by several common challenges:

  • Competing frameworks for how best to implement and measure programmes to manage the human dimensions of security outcomes: which results in mixed and incoherent approaches, where cause and effect are rarely understood.
  • Lack of clarity about how variables impact the effectiveness of security culture programmes: that leads to the wrong lessons being learned within and between organisations.
  • Paucity of high-quality examples of good practice and case studies on effective security culture programmes: which means organisations fall back on a small number of activities, most of which have a limited impact on security outcomes.
  • Lack of strong business case for security culture: organisational leaders continue to see security culture as nice to have, and prioritise technology and system solutions, despite overwhelming data about the contribution of human error to physical and cybersecurity breaches.

This study, sponsored by the ASIS Foundation, will:

  • Explore and document definitions, competing theories and practices for security culture to understand the full range of ways security culture is understood and delivered.
  • Document the ways in which organisations are delivering security culture activities, including through anonymised case studies.
  • Provide a simple framework for organisations to use to help structure and organise their security culture activities.
  • Offer insights into measurement and metrics to help organisations understand the impacts of interventions and how to prioritise their efforts.
  • Offer actionable insights for those responsible for managing and delivering security culture activities.

As part of the research, we will interview 15 organisations and a range of industry experts, and will produce a series of case studies. The report will be released in mid-2026.

If you want to stay up to speed with this work, subscribe to our newsletter.

If you are a security culture or human risk professional and would like to contribute your expertise, please get in touch.

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save