Change and Transformation in the Public Sector
“This Cyber Awareness, Behaviour and Culture team is the first of its kind in Defence and addresses a key element of our organisational cyber resilience: our people. Our technical defences have limited effect if not supported by good everyday behaviours and ‘getting the security basics right’. This means we must place equal emphasis on the ‘human’ aspects of our defences as the technical, working collaboratively to develop a positive security culture that is evident in employee behaviours, led and actively supported by senior leadership and reinforced by all people across the organisation”.
(Christine Maxwell, Director Cyber Defence & Risk (SCS2), MOD CyAB&C Strategy)
Malicious cyber activity is one of the greatest risks that all organisations face today; The Ministry of Defence (MOD) is no different. A cyber aware workforce and organisation is the strongest, most cost-effective solution for combatting cyber-attacks and reducing this risk.
Since 2019, Atkins, a member of the SNC-Lavalin Group, has worked closely with MOD, forming the Cyber Awareness, Behaviour & Culture (CyAB&C) team, which has worked across MOD’s c250,000 personnel to provide meaningful and lasting behavioural change. Working highly collaboratively with the client, Atkins has helped to take the MOD from developing its human cyber strategy, through to its delivery, and building a highly specialised project team of Atkins resource.
The team has focused on delivering novel engagement and behaviour shaping initiatives, engrained with behavioural science and psychology, to ensure that the human elements of MOD’s security become increasingly robust.
This includes activities such as the development and delivery of the “Cyber-Confident” brand, providing a common voice for cyber advice across the MOD, a fictional hacktivist group to make attacks relatable and narrative based (e.g., through stories and shared experiences), a Cyber Escape Room, phishing exercises and behavioural baselining, and activities to encourage MOD personnel to become confident in challenging risky behaviours.
These ground-breaking ideas occurred alongside more traditional methods of engaging and upskilling the workforce.
As a result, the team has delivered:
- 18 monthly cyber awareness campaigns, each with webinars, podcasts, posters and unique engagement methods such as the Escape Room, and collectively garnered hundreds of thousands of “clicks”.
- Built strong “cyber” networks across the organisation through the pan Defence Cyber Awareness Working Group, and delivery of a gamified Cyber Champions Network.
- Saved the MOD c£500k through consolidating and centralising previously disparate cyber advice supply chain contracts.
- Over 60,000 phishing exercise emails exceeding the 20,000 requested by the Secretary of State.
- A series of interventions aimed at senior Defence leaders.
- The Cyber Cultural Surveys (2020 & 2021), which have garnered over 12,000 responses, shaping how CyAB&C responds to the MOD’s needs.
- A pan-Defence Training Needs Analysis and Training Needs Report.
Ultimately, the team has empirically reduced the level of risk faced by Defence, affected change across the organisation, and built a strong reputation as the “go-to team”, receiving praise and interest from across Defence and other government departments.
View the Atkins profile in the MCA Members Directory.[/vc_column_text][/vc_column][/vc_row]