ProtectUK publication date
How will you embed the desired security behaviours and culture in your organisation?

Security behaviour change requires a clear vision as well as a coordinated strategy to ensure that interventions are consistent, practical and meaningful.

Before embarking on a change programme, however big or small, it is critical that an organisation is clear on the following:

  • The objectives of the change (i.e. the vision or strategy)

  • The size and scale of the change (i.e. the gap between where the organisation is now and where it wants to be)

  • The actions to implement the change (i.e. the interventions)

  • The organisation is ready for the change (i.e. it has the necessary time, resources and buy-in)

  • How to communicate the change to the target audience and other key stakeholders (i.e. the communications strategy)

  • How to review and evaluate the impact of the change (i.e. the measures of success and key performance indicators


For more information, please visit the NPSA website.

Security Culture
Security measures