Security Awareness Video

Why teams ignore security processes — and how to fix it.

A practical cyber security awareness video on why security processes often fail in real teams, and how to make them clearer, easier to follow, and better aligned to everyday work.

Improve process adoption Reduce policy friction Make security usable
Watch the video Security Awareness Pack

Watch: Why Teams Ignore Security Processes — And How to Fix It

Video purpose

Security processes only work when people can actually follow them.

This video explains why security processes often get ignored, not because people are careless, but because the process may be unclear, hidden, too slow, too technical, or disconnected from how teams actually work.

01

Find the real adoption issue

Understand why “more training” is not always the answer when a process is not being followed.

02

Make processes easier

Learn how to make reporting, approvals, access requests, and security checks simpler for teams to use.

03

Connect to real work

Translate security processes into the work moments where people actually need to make decisions.

04

Improve behaviour

Move from policy awareness to practical behaviours that are easier to remember, repeat, and reinforce.

What the video covers

The reasons security processes fail in real teams.

If a team is not following a security process, the issue may be design, communication, timing, ownership, or usability — not just awareness.

Reason 1Too unclear
Reason 2Too hidden
Reason 3Too slow
Reason 4Too technical
Reason 5Too generic
Reason 6No ownership
Reason 7No manager reinforcement
Reason 8No clear route
Reason 9No feedback loop
Reason 10No real-world example

Good vs bad process design

The difference between documenting a process and making it usable.

Security processes do not work because they exist. They work when people know when to use them, why they matter, what action to take, and who to contact.

Weak message

Follow the incident reporting process.

Better message

If something looks wrong or you think you made a mistake, report it quickly using the approved route. You do not need to prove it is malicious first.

Weak message

Submit access requests correctly.

Better message

Before requesting access, confirm what system is needed, why the person needs it, who approves it, and when access should be reviewed.

Weak message

Follow vendor security requirements.

Better message

Before giving a supplier access to company data or systems, check whether the supplier is approved, who owns the relationship, and what access they need.

Next step

Make security processes easier to understand and follow.

The Security Awareness Pack helps organisations communicate security expectations, reporting routes, phishing behaviours, manager responsibilities, and everyday security actions more clearly.

Awareness

Security Awareness Pack

Use practical security awareness materials to improve communication, reporting, phishing readiness, manager support, and new starter guidance.

View awareness pack
Layer 1

Startup Security Toolkit

Use practical templates to document risks, owners, access, assets, vendors, incidents, and security actions.

View toolkit
Layer 2

Implementation Kit

Get guided support to apply the toolkit, prioritise gaps, assign owners, and move from documentation to implementation.

View implementation
Advisory

Book a Consultation

Get support making your cyber security processes, communication, awareness materials, and adoption routes clearer.

Book consultation
Karimah, CISSP-certified cyber security consultant

Presented by Karimah

CISSP-certified cyber security consultant.

Karimah helps organisations make cyber security, GRC, security awareness, access control, risk management, and operational resilience easier to understand, communicate, and act on.

CISSP-certified Cyber security consultant Security awareness education

FAQs

Security process adoption FAQs.

Who is this video for?

This video is for security teams, GRC teams, managers, founders, operations teams, and leaders who want security processes to become part of normal work instead of ignored documentation.

Why do teams ignore security processes?

Teams may ignore security processes when they are unclear, hard to find, too slow, too technical, too generic, disconnected from the way work happens, or not reinforced by managers.

Is more training always the answer?

Not always. If the process itself is hard to understand or impractical to follow, more awareness will not fix the root problem. The process may need to be simplified, clarified, or better embedded into daily work.

What makes a security process easier to follow?

A process is easier to follow when people know when to use it, why it matters, what action to take, who approves it, where to find it, and what to do if something is urgent or unclear.

How can managers help teams follow security processes?

Managers help by reinforcing expectations, using the correct route themselves, making time for secure behaviour, encouraging early reporting, and not rewarding shortcuts that bypass security controls.

Ready to make security easier to follow?

Move from ignored policies and unclear processes to security communication that teams can understand, remember, and use during real work.

Security Awareness Pack Book a consultation Compare Layers 1–4 Startup Security Toolkit