Organisations are investing more than ever in security awareness and training. Yet many employees still bypass security rules in their daily work. Why?
In this whitepaper, we explore the Knowledge–Action Gap — the disconnect between what employees know about cybersecurity and how they actually behave under pressure.
Based on insights from NorthGRC’s 2025 Nordic survey of 2,000 employees, the paper reveals how security policies often collide with productivity, creating friction that leads employees to take shortcuts or adopt unapproved tools.
In this whitepaper you will learn:
- Why traditional awareness training often fails to change behaviour
- How System 1 and System 2 thinking influence security decisions in everyday work
- Why Shadow IT emerges in modern organisations
- How leadership shapes cybersecurity culture
- How organisations can move from static compliance to true cyber resilience
Download the whitepaper to discover how organisations can bridge the gap between policy, behaviour, and leadership to build a stronger and more resilient security culture.