Enabling the human firewall

Publish date:

Designing and developing a security education and awareness programme that equipped every employee to fight cybercrime.

Technology alone can’t protect organisations from cybercrime. Employees are critical too. Something our client, one of the UK’s largest Government departments, was well aware of. Which is why it asked us to come up with a security education and awareness programme that would create a workforce of fervent security champions.

The situation

Our client needed a security education and awareness programme that was much more engaging. Much more in keeping with its current risks and threats. And which addressed the issue that those in the security team were seen as ‘blockers’ to change – and their input was rarely sought by the wider organisation.

The solution

We created a multi-disciplinary team of strategy, creative, marketing and security experts who delivered:

  • A clear strategy for the programme – based on a thorough exploration of the key security risks and behavioural challenges linked to the organisation’s people.
  • A new security brand and creative framework – which repositioned the security team as ‘partners rather than policemen’.
  • A new agile campaign delivery model – that responds to emerging security risks and delivers easy to understand gamified guidance.
  • A plan for developing and engaging a network of volunteers – enthusiasts who’d deliver campaigns to front-line staff and act as ambassadors of change.
  • A campaign delivery roadmap – one that encourages tangible quick wins to build momentum while setting the organisation up for strategic change.

The result

  • An eye-catching, friendly brand with unprecedented reach
    As a result, it’s generated strong goodwill and interest among senior stakeholders who are cascading the message into their business areas.
  • Simpler, easier to follow security policies
    By streamlining the security policies and supporting guidance, we’ve made it easier for employees to understand and live up to their security responsibilities.
  • Increased awareness of phishing risks
    Phishing simulation exercises have equipped everyone to spot and report phishing emails and prevent security breaches.
  • A stronger security culture
    Our client’s workforce is much more security conscious. There’s been a dramatic increase in the number of calls to the security helpdesk and visits to the security portal for instance. Legal and regulatory compliance has also improved.

Related Resources

Public Sector

Transforming digitally to make services more accessible

Faster, more efficient personalised services. That’s what the public want. And that’s what we...

Public Sector

Delivering a world-class analytics platform

We created one central IT platform capable of handling a wealth of data – and placed insights...


By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.


Close cookie information