Gartner Research

CISO Foundations: Build a Culture of Security Consciousness: Introducing the Gartner PIPE Framework

By 2025, 40% of cybersecurity programs will deploy socio-behavioral principles.

Analyst(s): Richard Addiscott, Andrew Walls, William Candrick, Christine Lee

Traditional approaches focused merely on raising awareness of cybersecurity threats are ineffective in reducing an organization’s cybersecurity risk levels. Increased speed and convenience (a perception that business needs outweigh the risk) and experiencing no adverse consequences for their actions are the most common reasons why employees engage in unsecure behaviors.

CISOs seeking to reduce the negative impact of human behavior on their cybersecurity risks levels should: 

  • Prepare to radically recast their approach to foster behavior changes
  • Plan a long-term program
  • Leverage the Gartner PIPE (practices, influences, platforms and enablers) Framework
  • Use behavior-centric, outcome-driven metrics

Complete the form to get your copy of the research.

Download Now

Minimize human impact on cybersecurity risk levels.

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Contact Information

All fields are required.

  • Step 2 of 3

    By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

    Company Information

    All fields are required.

    Type company and location
    Optional Optional
  • Step 3 of 3

    By clicking the "Submit" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.