The challenge

Conduct extensive research and discovery activities to inform an evidence-based approach to designing and implementing a National Awareness Program for Cyber Security.  

The Attorney-General's Department of the Australian Government was preparing to launch a Cyber Security Awareness program across Australia, and identified a need to gain an understanding of people's current level of cyber security awareness, behaviors, and needs.

Wall walk.jpg

Research approach and methods

Desk research, Qualitative research (contextual interviews and phone interviews), Quantitative research (surveys)

Primary research was conducted in July-August 2017 to understand people’s behaviors, practices, attitudes and understandings of cyber security. In-depth interviews were carried out with 30 people across three research cohorts: the Australian Public, Small to Medium Enterprises and Large Enterprise. Half of the interviews were conducted in person at the cohort's home or place of business, while the remaining interviews were conducted over the phone.  An online survey was also completed by 244 respondents. 

Draft persona_Lyndsay.png
Nell_Draft.png
George_Draft.png
Wall.png

Key learnings

Awareness is low, consequences are not fully comprehended, and the government is not the first port of call

I’m very, very, very cautious. I haven’t really thought about it because I’m really, really careful.
— Australian Public

In the research, we found that people’s awareness of cyber security generally is low and that individuals and small businesses do not actively seek out cyber security information. People often exhibit reactive behaviour and do not see the benefit of changing their security practices until they experience an incident. When they do experience an incident, people and organisations do not see the government as their first point of call. They rely on trusted contacts such as friends, family and IT service providers for guidance and help.

Persona_Lyndsay.png
Persona_Nell.png
Persona_George.png
JourneyMap_Pub.png

Impact of research findings

The findings and recommendations informed CERT Australia’s strategic road-map and continue to be used by the Attorney-General’s Department to engage the public and industry across a variety of channels.

The key opportunities and recommendations identified as a result of this project are for CERT Australia to put the most effort into supporting people during an incident, become the face of cyber security, consolidate websites to offer a single source of truth, and use a measurement framework to track changes in cyber security awareness.  Because pitches for an awareness campaign were already in flight, immediately after wrapping up the research we were also asked to step in and facilitate evaluative testing on the proposed campaigns, offering guidance in selecting the most effective option.

Summary of personas

Summary of personas

Engagement Opportunities Framework

Engagement Opportunities Framework