Awareness, Behaviour & Culture

The effectiveness of any organisations strategy for information security is entirely dependent on how people behave.

Whilst some security outcomes can be managed through the use of technology, many are almost entirely down to the choices people make as to whether to comply or not with policy.

If we want people to make positive security choices, it’s not enough to simply tell them what we want them to do. We need to understand how they make decisions in the first place. Once we figure that bit out, we’re more likely to help them make better choices.

At Marmalade Box we help you to demonstrably change awareness, behaviour and culture in your organisation. We do this by using our SABC™ framework, which is a management process that information security professionals will instantly feel at ease with whilst being able to address security awareness, behaviour and culture.

SABC™ is based on Nobel-prize winning science and uses the latest insights in behavioural and organisational science, change management and culture. We combine this with ingenious communication strategies, which we know will influence levels of awareness, behaviour and culture.

Effectively managing the human factor requires you to leverage your internal expertise and get input from multiple departments. SABC™ brings the best from all business functions to help organisations manage this key risk.

Our specialist support and training can help you to bring your departments together behind the your organisation goal and our SABC™ system provides the roadmap for all teams to follow.

We can train, facilitate, guide you and keep you on track.

“I’ve experienced a steady shift in our business culture to incorporate security practices into our day to day activities. Bruce and Marmalade Box tell a compelling story for the Board and our employees and I’d be happy to recommend them.”

Finance Director
Marketing Agency

Book a security awareness, behaviour & culture workshop

[mb_product_findoutmore link=”/training/”]


Awareness and education on their own are not enough in the digital world to protect your organisation. Just because people are aware that their behaviour needs to change doesn’t mean that they will behave differently. Awareness whilst helpful is just the beginning.


If you want to change how people behave in your organisation, you need to understand how behaviours are formed and influenced. Without this you’re wasting your time, money and resources. We can help you to cultivate the behaviours needed for positive security outcomes.


The focus needs to change from awareness and behaviour, to behavioural and cultural change.
An organisational culture where security values are the everyday norm, is what will make the ultimate difference to your organisation. Employee-led security is the answer to today’s cybersecurity challenge.

Click to access the login or register cheese