Research

Literature reviews and research reports

The Buy-in Problem

Why privacy and security awareness programmes rarely fail because of the e-learning, but because of a lack of management involvement, and how to get management on board after all.

📅 5 July 2026 ⏱️ 18 min
Read report

Measuring what counts

Why awareness programmes mostly report participation instead of knowledge, behaviour and risk reduction, how the research says you should measure it, and what logical place engaging formats such as games and escape rooms deserve.

📅 28 June 2026 ⏱️ 23 min
Read report

The difference between security awareness and privacy awareness

Science breaks security awareness down into knowledge, attitude and behaviour, and privacy awareness into perceiving, understanding and applying. That very difference explains why security calls for behaviour change and privacy for the application of knowledge, and why a single training format falls short for both subjects.

📅 21 June 2026 ⏱️ 17 min
Read report

The Vulnerable First Months

Why the first months of employment are a vulnerable period, across the full breadth of security awareness, and what science says about the timing and form of the first training.

📅 14 June 2026 ⏱️ 11 min
Read report

The Attention Problem

Why phishing simulations alone do not make employees better at recognizing phishing, and which approach is actually supported by research.

📅 6 June 2026 ⏱️ 14 min
Read report