- are you

Creative ways to achieve compliance

Spark, our new publication designed to ignite and inspire fresh thinking, explores measurement across communications disciplines. Does better measurement inevitably lead to better communications? Or are metrics a distraction from building inspiring, enlightening and engaging messages? In this article we’ll explore how to move from base compliance to behaviour change in cyber security campaigns.

This article initially appeared in Spark, issue #1. Download the full report here


Cyber Security - The weakest link

Sometimes a business’s metrics show up something so critical that it’s up to each and every member of staff to assess and modify their behaviour and working practices. Impact may be measured in thousands - even millions - but action comes down to the individual. PwC research found nearly 9 in 10 large organisations suffer some form of security breach; cyber security is now a challenge for every organisation. When business as usual isn’t good enough, creativity might be the key you need to lock things down.

An attack isn't possible - it's inevitable

From Sony to TalkTalk, the exponential acceleration of cyber security-related risks has elevated cyber security from the CIO’s agenda to the CEO’s. State-of-the-art systems and processes can provide some protection, but anywhere we see people, criminals see attack vectors.

The problem is that cyber security is often seen as IT’s problem. And no wonder – we need to keep track of so many things to be effective at our own jobs: managing teams, sales targets, innovation, communications objectives, customer deliverables, controlling costs, keeping pace with best practice; few of us feel we have the time for yet another process. We certainly don’t have the capacity to remember yet another password. In the ever-escalating digital arms race between the ‘white hats’ of your cyber security team and the ‘black hat’ hackers seeking to penetrate your company’s defences. The weakest link might well be one of your colleagues, unless they’re kept informed, equipped and aware.

Compliance isn't enough

Influencing employee behaviour means going beyond traditional compliance awareness. Cyber security is often perceived as a dry, dull and complex subject and the annual policy ‘sheep dip’ probably isn’t helping the matter. Policy is a necessary foundation but it’s not sufficient. If you don’t bring it to life for people they won’t be able to engage with it.

We’re currently helping a number of global clients to address these business risks by developing insightful, creative – and sometimes playful – communication campaigns designed to help employees understand the risks and what they must do to mitigate them.

Action can (and should) be measured

Our campaigns are designed to drive action; key to our planning is identifying what behaviour change you need to evidence. What specifically do we want employees to think, feel and do differently at each stage of the campaign against each identified area of risk? We have established measures that provide our clients with ongoing insight and which assess employee attitudes and behaviours against pre-campaign benchmarks. These metrics not only track the effectiveness of activity, but also provide crucial insight for developing future activity to ensure the change sticks.

Our model drives change

Our measurements are developed for each client using a four-stage approach which looks at key areas for change focus and resultant change measurement. Measures of engagement themselves can be often used to amplify employee engagement. Crowd instinct can be harnessed to boost the campaign by using the results and targets as motivators in themselves.

Download the full report here