Enabling the human firewall

Technology alone can’t protect organisations from cybercrime. Employees are critical too. Something our client, one of the UK’s largest Government departments, was well aware of. Which is why it asked us to come up with a security education and awareness programme that would create a workforce of fervent security champions. 

The situation

Our client needed a security education and awareness programme that was much more engaging. Much more in keeping with its current risks and threats. And which addressed the issue that those in the security team were seen as ‘blockers’ to change – and their input was rarely sought by the wider organisation.


The solution

We created a multi-disciplinary team of strategy, creative, marketing and security experts who delivered:

  • A clear strategy for the programme – based on a thorough exploration of the key security risks and behavioural challenges linked to the organisation’s people.
  • A new security brand and creative framework – which repositioned the security team as ‘partners rather than policemen’.
  • A new agile campaign delivery model – that responds to emerging security risks and delivers easy to understand gamified guidance.
  • A plan for developing and engaging a network of volunteers – enthusiasts who’d deliver campaigns to front-line staff and act as ambassadors of change.
  • A campaign delivery roadmap – one that encourages tangible quick wins to build momentum while setting the organisation up for strategic change.


The result

  • An eye-catching, friendly brand with unprecedented reach
    As a result, it’s generated strong goodwill and interest among senior stakeholders who are cascading the message into their business areas. 
  • Simpler, easier to follow security policies
    By streamlining the security policies and supporting guidance, we’ve made it easier for employees to understand and live up to their security responsibilities. 
  • Increased awareness of phishing risks
    Phishing simulation exercises have equipped everyone to spot and report phishing emails and prevent security breaches.
  • A stronger security culture
    Our client’s workforce is much more security conscious. There’s been a dramatic increase in the number of calls to the security helpdesk and visits to the security portal for instance. Legal and regulatory compliance has also improved.