Cyber security is increasingly a board-level governance priority as human led risks like phishing and identity attacks grow in volume and sophistication, amplified by AI. Organisations must not only defend against these threats but also show their people can recognise and respond effectively.
In this video, Nick Deacon Elliott - CEO of Boxphish, explores alignment with the UK Government’s Cyber Governance Code of Practice, a six-pillar voluntary framework guiding boards to embed effective cyber security.
He gives an overview of the framework and focus on Pillar 3: People, showing how to operationalise it through:
- Continuous, structured awareness programmes, including micro-learning and phishing simulations.
- NCSC-Assured training for consistent, high-quality education.
- Leadership engagement to reinforce accountability and a strong security culture.
Many organisations run awareness training, but few can demonstrate its impact. If your board asked whether people focused controls are reducing risk, could you prove it?
