Theory behind the SAFE Awareness and Behavior Program

Our SAFE program is based on scientific insight and combined expertise

Combination of expertise

People’s behavior and information security are two different disciplines. We would never ask a psychologist to build a firewall. But a lot of awareness programs do rely on security specialists to influence people’s behavior.

For effective protection against human errors, you need the expertise of psychologists and security specialists. That’s why Secura’s SAFE program was designed by a team of both.

For an effective awareness program you need both psychologists and cybersecurity experts

No ‘one size fits all’

We do not believe in 'one size fits all' solutions. So we tailor our interventions to achieve the goals for your specific focus groups. Any intervention is aimed at removing the barrier to the desired behavior. SAFE has a toolkit of a carefully selected collection of different interventions.

These interventions vary according to topic (e.g., following strong passwords or classification rules), influencing strategy (e.g., increasing motivating, educating or encouraging), and resources (e.g., demos, attention grabbers such as posters or video material, or ambassadorship).

Continuous, stimulating focus

Information security for and by employees is not a one-off project. For most employees, it is not their most important task, so their attention can wane. That means it is a must to focus continuously on information security, in a way that is stimulating - not boring - and keeps people on their toes.

Behavior is the result of three factors:



Knowledge refers to what a person knows and understands about a subject, in this case information security. Knowledge is the factor most focused on in awareness-based efforts, such as e-learnings and classroom trainings.



There are different kinds of motivation. For instance: intrinsic motivation, which means behaving in a certain way because it is important to you. Or extrinsic motivation, which means behaving in a certain way because of an external goal.



Are you actually able to behave a certain way, or do circumstances make it impossible? Behavior is determined by opportunity. Context and culture are the most important aspects of opportunity. The culture of an organization has a major impact on behavior.

To change behavior you will have to address each of these three factors

SAFE focuses on repeated attention to all three of these factors. That means SAFE goes beyond traditional awareness programs that usually focus on knowledge.

In addition, SAFE carefully identifies any barriers to the desired behavior: why are employees not doing what we would like them to do? You can only take the right steps to remove this barrier, if you know what is holding people back from certain behavior.

Sometimes the barrier is a gap in knowledge, but often the barrier stems from, for example, a lack of motivation, bad experiences or culture within the organization that does not support the goals.

People are not the weakest link, if you...

Focus on safe behavior as an end goal

Combine cybersecurity and psychology

Focus on all factors that determine behavior

Measure what your employees need, to behave safely

Match the needs of your employees with tailored interventions


Do you have a question about our SAFE Security Awareness Program? Contact us now.


More Information

SAFE - Security Awareness & Behavior Program

Article image

How do you raise cybersecurity awareness of your people? Discover Secura's SAFE Program to promote cyber safe behavior in your organization.

Social Engineering Program

Article image

Did you know that hackers are using your employees to attack your business? That's a bit of a shock, isn't it?! Through your employees, hackers can try to gain access to your company, the weakest link in your IT security. Improve your cybersecurity through a social engineering audit!

Cybersecurity Awareness E-Learning

Article image

Do your employees know what they need to do to manage their contacts, systems and company data of your organization safely? Secura has compiled common examples into e-learning modules what employees need to know in order to behave safely regarding topics within information security & privacy.


Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.