Developing a Cybersecurity Culture

For the past eight years, we have been steadfastly ensuring the effective education and training of 130,000 people to act as a security line of defense.


by Fabien Vial


AXA is one of the largest insurance companies in the world and – as such – a top target for cybercriminals. As the company embarked on a profound transformation of its security capabilities, the group’s chief security officer approached Adviso with a question: how to change the company’s culture and make the 130,000 employees a strong line of defense against cybercrime?


The client first needed a clear concept to rally around and a solid culture change strategy. We arrived at « Care, Protect, Alert », a clear, powerful and versatile security mindset that sticks and translates into all work situations.

Yet, the true efficacy of a culture is determined by the depth of its adoption. Therefore, we devised an awareness and behavior change plan, along with resources to encourage everyone to understand, act and advocate for security. Collaborating across entities, we provided the necessary tools to implement the change plan, resulting in a unified experience around the globe.

We started with a period of extensive research and consultation, interviewing international stakeholders to understand when and why employees are taking risks from an information security perspective. It was the beginning of a closely collaborative process with the entities.

We developed a comprehensive set of culture change tools created with a unique team composed of changemakers, certified security experts, neuroscientists, digital learning specialists, creatives and filmmakers:

    • An anti-phishing learning journey, resulting in the company sending over 1 million phishing emails to its employees annually to assess their ability to detect fraudulent activities; this is complemented by concise e-learning modules for individuals who happen to click on the malicious links.

    • A security certification training curriculum for all employees, tailored to specific populations, that ultimately achieved the highest participation score within the Group and garnered several international awards.

    • Communication materials comprising articles, cartoons, on-site and online games, events, conferences, infographics, and films. One particular film campaign received the prestigious honor of ‘Best Internal Communication Campaign of the Year’ at the international Cannes Corporate Film Festival.

This multiyear effort leaded to position the security team as internal best practice in the field of culture change and the company itself as a leading benchmark amongst their peers in the field of security awareness maturity. And of course, this effort highly contributes to keep security level high.

I strongly believe in the importance of the human dimension of security. Thanks to our awareness efforts, we have divided our risk exposure by 4 or 5. Thank you!

— Arnaud Tanguy, AXA Group Chief Security Officer

"Care, Protect, Alert" is the AXA' Security Mindset.

Cartoons to illustrate security risks

Deepfake Technology

Extracts from the interactive e-learning course

"Culture is not inherited, it is won."

Motion video illustrating security best practices

Fabien Vial


Fabien is the CEO and founder of Adviso. His innovative, people-centric approach has helped numerous organizations achieve success in navigating complex changes.



get in touch