BEYOND COMPLIANCE
STRENGTHENING DATA SECURITY THROUGH BEHAVIOURAL INSIGHTS

CHALLENGE

Data breaches remain one of the most pressing risks for organisations, often resulting not from technical failures but from human behaviour. While security policies exist, employees frequently engage in unintentional risky behaviours due to cognitive overload, habit, or a lack of engagement with existing training. The challenge was to move beyond traditional compliance-based approaches and create behaviourally informed solutions that make secure data practices intuitive and actionable in real workplace contexts.

PROJECT OVERVIEW

To address this, we conducted a behavioural analysis of security-related decision-making across the organisation. Using expert interviews and surveys, we identified the psychological and contextual factors influencing data security behaviours. Rather than relying solely on mandatory training, we explored how security awareness naturally fits into employees’ daily interactions—from email design to informal conversations.
Working closely with designers and organisational stakeholders, we developed an interactive training experience that integrated behavioural principles, making security engagement more relevant, practical, and memorable.

WHAT WE DID

  1. Behavioural Research & Analysis

    • Conducted expert interviews and employee surveys to uncover behavioural barriers to secure data handling

    • Mapped security decision points, identifying moments of risk and opportunities for intervention

    • Analysed real workplace contexts (email design, informal conversations, and system workflows) to understand how security behaviours are shaped

  2. Intervention Design

    • Collaborated with designers to develop an engaging, interactive training programme informed by behavioural insights

    • Created contextual prompts within workplace systems to reinforce secure habits

    • Developed communication strategies that framed security as a shared responsibility, making best practices easier to adopt

  3. Stakeholder Collaboration

    • Worked with internal teams to ensure recommendations aligned with existing organisational processes

    • Facilitated interactive workshops to identify behavioural challenges in data security and co-develop solutions that integrate seamlessly into daily workflows

    • Ensured solutions were practical, engaging, and adaptable across different teams and roles

OUTCOME

This project resulted in a behaviourally informed security framework that embedded data protection into workplace culture. By addressing security challenges through real-world workplace interactions, rather than relying on passive compliance training, employees developed stronger, more intuitive security habits leading to a more resilient organisation.