Research, analysis, and practitioner perspectives on security behaviour change, incident response, and AI governance.
The 48 hours following a ransomware attack represent the highest-impact window for staff training. LimitedView's research across 847 organisations shows why timing is the single most consequential variable in post-incident training effectiveness.
Read article
Content quality accounts for far less of security training effectiveness than timing. Neuroscience research explains why the 48-hour window after an incident produces fundamentally different outcomes.
Shadow AI refers to AI tools used within an organisation without IT or security approval. Here is what it means, why it creates serious risk, and how to detect it before it causes damage.
FCA and PRA supervisory expectations are shifting cybersecurity training from a compliance checkbox into an operational resilience requirement. Here is what financial services firms need to know.
Incident-triggered training delivers targeted learning immediately after a real security event. LimitedView's analysis of 847 organisations shows it produces 6× the behaviour change of scheduled programmes — here is how it works and why the difference matters.
Most organisations believe they are prepared for a cyber incident. Most are not. Here is how readiness is assessed, what genuine preparedness looks like, and where the gaps are most commonly found.
An AI governance framework defines how an organisation controls, monitors, and accounts for AI use across its operations. This guide explains what one contains and how to build it without stalling adoption.
Healthcare organisations face a disproportionate share of ransomware and data theft attacks. The training challenge is not awareness — it is building secure behaviours that hold under the pressures of clinical delivery.
Traditional security awareness training retains just 12% of content at 90 days. LimitedView's analysis of 847 organisations and 650,000+ employees identifies exactly why scheduled programmes fail — and what the data says organisations should do instead.
AI is changing cybersecurity training in ways that go beyond personalised content. The most significant application is automating the connection between incident detection and training deployment.
An AI audit trail is a tamper-evident log of every AI interaction that records what was asked, what the model returned, and what happened next. This article explains why these records are essential for compliance and accountability.
Supply chain attacks compromise organisations through their trusted suppliers and software dependencies. Training teams to recognise, respond to, and contain these threats requires a fundamentally different approach to third-party risk.
Phishing simulations are widely deployed but rarely evaluated against the behaviour change they are supposed to produce. LimitedView's analysis across 847 organisations compares simulation-based and real-incident training on the metrics that actually matter.
A multi-model AI strategy uses different AI models for different tasks based on capability, cost, and risk profile. This article explains why organisations are adopting this approach and what it takes to manage it well.
Phishing click rates dominate security culture measurement. They measure threat recognition in artificial conditions, not the automatic behaviour patterns that actually determine security outcomes.
Most security training is measured by completion rates. LimitedView's analysis of 847 organisations identifies the metrics that actually predict incident reduction — and explains why the numbers most CISOs report are disconnected from operational outcomes.
Board-level cyber reporting has improved in form but not always in substance. CISOs who want to drive genuine board engagement on cyber risk need a different approach to what they present and how they present it.
Most organisations spend £47 per employee on security training each year. Our research across 847 organisations shows £41 of that is wasted — because the timing is wrong.
AI policy enforcement is the technical and operational process of ensuring that AI governance rules are applied consistently at runtime, not just documented in policy files. This article explains how to close the gap between written policy and actual practice.
Completion rates tell you who clicked through a module. They do not tell you whether anyone will make a better decision under pressure. The gap between compliance and behaviour change is where most security risk actually lives.
Security training failure has a calculable cost. Repeat incidents, regulatory penalties, and remediation overheads combine into a figure that most organisations have never formally modelled.
Shadow AI is the new shadow IT. Without governance, every AI interaction is an unaudited decision. Here's why policy-first matters.
A deep dive into our research methodology and findings across 847 organisations and 650,000+ employees.
