IT

Change management: models, steps, and best practicesCyber security

image
Knowledge Train

  • Copied!Use structured frameworks such as Kotter, Lewin, or ADKAR to sequence activities and maintain momentum.
  • Visible leadership sponsorship and consistent communication reduce uncertainty and resistance.Key takeaways
  • Engage stakeholders early, using influence and impact mapping to target effort where it matters most.Strong cybersecurity reduces business risk by protecting data, systems, and essential services.
  • Integrate change work with project delivery so training, readiness, risks, and benefits stay aligned.Effective security balances confidentiality, integrity, and availability across systems and data.
  • Measure adoption with KPIs and feedback, then reinforce new behaviours through governance, coaching, and policy.Prioritise low-cost controls such as multi-factor authentication, password management, and rapid patching.
Combine prevention with detection, incident response, and tested recovery using secure backups.Change management: models, steps, and best practices
Reduce phishing and social engineering risk through regular training, simulations, and clear reporting routes. Governance, defined roles, and supplier oversight help turn security into a measurable programme.ContentsZero trust, segmentation, logging, and monitoring limit blast radius and speed up containment.

Contents

What is change management?

Change managementCybersecurity vs information security refers to the systematic process of planning, implementing, and overseeing organisational changes to achieve desired business outcomes.

Change management encompasses strategies, techniques, and tools that help organisations prepare for, execute, and sustain change, whether related to processes, technologies, culture, or organisational structure.Glossary of key cybersecurity entities

Effective change management seeks to minimise disruption, address resistance to change, and strengthen engagement among all stakeholdersFAQs.Definition of cybersecurity

Importance of change managementCybersecurity

Organisational change is inevitable as businesses adapt to evolving markets, technologies, and regulations. By using structured frameworks and engaging leadership, organisations can minimise risks, foster innovation, and achieve sustainable success. is the practice of protecting computer systems, networks, and data from unauthorised access, disruption, or destruction caused by cyber threats such as malware, phishing, and data breaches. According to the UK National Cyber Security Centre and the National Institute of Standards and Technology (NIST), cybersecurity employs a range of strategies, technologies, and policies to safeguard the confidentiality, integrity, and availability (CIA Triad) of digital information (

Effective NCSC Guidancechange management, ensures smooth transitions, maintains productivity during transformation, increases return on investment, and supports NIST Glossaryemployee engagement)..A brief history of cybersecurity

Here are some reasons why change management is important.Cybersecurity evolved alongside advances in computing, starting with early computer security measures in the 1970s. With the growth of the internet in the 1990s, threats such as viruses, worms, and hacking grew more sophisticated. Notable incidents, including the WannaCry ransomware attack (2017) and numerous high-profile data breaches, have driven global efforts to improve cyber resilience (

External factorsNCSC: WannaCry insights

External factors play a big role in ).organisational changeWhy is cybersecurity important?. Globalisation and the rapid developments in new digital solutions are forcing organisations to respond. Ignoring such external factors is likely to jeopardise your organisation’s success.Individuals:

Nokia was once the biggest mobile phone company in the world, but it almost went out of business. That’s because it didn’t keep up with changes in mobile technologies. As a result, Nokia’s products didn’t appeal to consumers, and its market share rapidly declined. Protects personal data, online identities, and devices from threats like identity theft and viruses.

Making ideas succeed Businesses:

Many organisations use change management methodologies to enable ideas to succeed. Working alongside Safeguards customer data, intellectual property, and operations from cyberattacks that can cause financial loss or reputational damage.project managersGovernments: who deliver new capabilities into an organisation, Maintains the resilience of critical national infrastructure and protects against cyber espionage and state-sponsored attacks.change managersAccording to the UK Government’s Cyber Security Breaches Survey (2023), 32% of businesses identified cyberattacks in the previous 12 months, highlighting the increasing significance of robust cybersecurity measures ( and change agents help ensure staff are able to fully utilise the new capabilities.GOV.UK Survey

Enabling cross-functional changes).

Almost every functional unit within a modern organisation relies on change management to enable it to:Core functions and principles

  • Align the change plan to the business’s overall strategy.Prevention
  • Improve internal and external services and requests.: Introducing controls such as firewalls, endpoint security, and multi-factor authentication.
  • Track and resolve issues.Detection

  1. Cybersecurity best practices: Recognise drivers such as technological advancements, market shifts, or process inefficiencies.
  2. Define the vision and objectivesUse strong, unique passwords and change them regularly.: Set clear goals for what the change will achieve.Enable multi-factor authentication wherever possible.
  3. Engage stakeholdersUpdate and patch operating systems and applications promptly.: Involve key groups early to build support and address concerns.Verify email senders and beware of unexpected attachments or links (phishing protection).
  4. Develop a change management planInstall and maintain up-to-date antivirus and firewall software.: Outline actions, timelines, resources, and communication strategies.Back up important data securely and regularly.
  5. Implement the changeLimit access based on the principle of least privilege.: Launch the initiative, ensuring leadership guidance and active support from Follow cyber hygiene routines and educate staff about social engineering risks.change agentsDevelop an incident response plan and conduct regular security training..Adopt a zero trust approach by continuously verifying devices and users.
  6. Manage resistance to changeCybersecurity roles and careers: Identify the sources of resistance and address them through communication and support.The demand for cybersecurity professionals continues to grow. Typical roles include:
  7. Monitor progress and reinforceSecurity analyst: Use metrics to track success and celebrate milestones.Penetration tester (ethical hacker)
  8. Sustain changeSecurity architect: Embed new ways of working into culture and practices for lasting results.Incident responder

Change management frameworksChief Information Security Officer (CISO)

Several Qualifications such as CISSP, CompTIA Security+, and NIST Framework knowledge are often required for advancement.change management frameworksCybersecurity vs information security guide organisations through transitions. The most prominent include:While

Kotter’s 8-Step Process

  1. Establish a sense of urgencyinformation security
  2. Form a guiding coalition encompasses the protection of all information assets, both digital and physical. Cybersecurity is thus a subset of information security.
  3. Create a vision for changeGlossary of key cybersecurity entities
  4. Communicate the visionMalware:
  5. Empower broad-based action Harmful software aimed at damaging or stealing data.
  6. Generate short-term winsFirewall:
  7. Consolidate gains and produce more change Hardware or software for controlling traffic based on security rules.
  8. Anchor new approaches in the cultureEncryption:

Example: A retailer launching a new digital platform began with urgency around changing customer expectations, formed a cross-functional team, communicated a compelling vision, and celebrated early improvements to build momentum. Transforming data so it is unreadable without a key.

Lewin’s Change ModelPhishing:

  • Unfreeze Deceptive messages to acquire sensitive data.: Prepare the organisation to accept change by challenging the status quo.Zero trust:
  • Change Security approach requiring all users be continuously verified.: Transition through adoption of new behaviours and processes.NIST:
  • Refreeze US National Institute of Standards and Technology, provider of key cybersecurity frameworks.: Stabilise the organisation by embedding changes into everyday practice.CIA Triad:

Example: A manufacturer seeking to improve quality first destabilised old habits, implemented new protocols, then reinforced behaviours through training and recognition. Confidentiality, Integrity, Availability – three core cybersecurity goals.

ADKAR modelIntrusion detection:

  • Awareness Identifying unauthorised activity on networks or systems. of the need for changeVulnerability:
  • Desire Weakness in a system that may be exploited by threats. to support the changeIncident response:
  • Knowledge Organised approach to addressing and managing security incidents. of how to changeFAQs
  • AbilityWhat is cybersecurity in simple words? to implement changeCybersecurity means protecting computers, networks, and data from unauthorised access and attacks to keep them secure and private.
  • ReinforcementWhat are the main types of cybersecurity? to sustain changeThe main types are network security, application security, endpoint security, cloud security, and information security.

Example: In a software roll-out, employees learned why the upgrade was essential (Awareness, Desire), received hands-on workshops (Knowledge, Ability), and were rewarded for adoption (Reinforcement).What are the top cybersecurity threats?

Change management challengesMajor threats include malware, phishing, ransomware, social engineering, data breaches, and zero-day exploits.

Organisations frequently encounter obstacles when managing change. Common challenges include:How is information security different from cybersecurity?

  • Resistance to changeInformation security covers protection of all types of information, while cybersecurity is focused specifically on securing digital data and systems from cyber threats.: Employees may fear job loss, uncertainty, or increased responsibilities.How can individuals and organisations protect themselves?
    Use unique strong passwords, enable multi-factor authentication, regularly update software, guard against phishing, use antivirus and firewalls, and maintain data backups.SolutionWhat is the CIA Triad in cybersecurity?: Foster open communication, involve employees in decision-making, and provide adequate support.The CIA Triad refers to the three core principles: confidentiality, integrity, and availability, which all security measures aim to protect.
  • Poor communicationWhat does a cybersecurity professional do?: Inadequate information can cause confusion and low morale.A cybersecurity professional safeguards networks and systems from attacks, detects vulnerabilities, manages incidents, and ensures compliance with security policies.
    Subscribe to our exclusive offers and promotionsSolution : Communicate regularly, using clear and consistent messaging across channels.Subscribe now
  • Lack of leadership commitment : Without executive support, initiatives may falter.
    {"@context":"https://schema.org","@type":"WebPage","name":"What is Cybersecurity? Types, Threats & Best Practices","url":"https://www.knowledgetrain.co.uk/it/cyber-security","description":"Learn what cybersecurity is, types of threats, examples, and best practices for individuals and businesses. Covers roles, terms, and advice for staying secure.","significantLink":"https://csrc.nist.gov/glossary/term/cybersecurity","mainEntity":[{"@type":"Article","headline":"What is cybersecurity? Types, threats and best practices","about":[{"@type":"DefinedTerm","name":"cybersecurity","sameAs":["https://en.wikipedia.org/wiki/Computer_security","https://www.google.com/search?&kgmid=/m/01ycjq","https://www.wikidata.org/wiki/Q8881"]},{"@type":"DefinedTerm","name":"network security","sameAs":["https://en.wikipedia.org/wiki/Network_security","https://www.google.com/search?&kgmid=/m/02r47l","https://www.wikidata.org/wiki/Q19664"]},{"@type":"DefinedTerm","name":"information security","sameAs":["https://en.wikipedia.org/wiki/Information_security","https://www.google.com/search?&kgmid=/m/04z68","https://www.wikidata.org/wiki/Q43960"]},{"@type":"DefinedTerm","name":"malware","sameAs":["https://en.wikipedia.org/wiki/Malware","https://www.google.com/search?&kgmid=/m/01crd1","https://www.wikidata.org/wiki/Q145896"]},{"@type":"DefinedTerm","name":"firewall","sameAs":["https://en.wikipedia.org/wiki/Firewall_(computing)","https://www.google.com/search?&kgmid=/m/018l1d","https://www.wikidata.org/wiki/Q108290"]},{"@type":"DefinedTerm","name":"encryption","sameAs":["https://en.wikipedia.org/wiki/Encryption","https://www.google.com/search?&kgmid=/m/02r0p7","https://www.wikidata.org/wiki/Q4913"]},{"@type":"DefinedTerm","name":"phishing","sameAs":["https://en.wikipedia.org/wiki/Phishing","https://www.google.com/search?&kgmid=/m/03b_lg","https://www.wikidata.org/wiki/Q191095"]},{"@type":"DefinedTerm","name":"data breach","sameAs":["https://en.wikipedia.org/wiki/Data_breach","https://www.google.com/search?&kgmid=/m/0drjp1p","https://www.wikidata.org/wiki/Q312735"]},{"@type":"DefinedTerm","name":"CIA Triad","sameAs":["https://en.wikipedia.org/wiki/Information_security#Confidentiality,_integrity,_availability","https://www.google.com/search?&kgmid=/m/025v2c4","https://www.wikidata.org/wiki/Q41315986"]},{"@type":"DefinedTerm","name":"zero trust","sameAs":["https://en.wikipedia.org/wiki/Zero_trust_security_model","https://www.google.com/search?&kgmid=/g/11gxlqnv94","https://www.wikidata.org/wiki/Q61252787"]},{"@type":"DefinedTerm","name":"multi-factor authentication","sameAs":["https://en.wikipedia.org/wiki/Multi-factor_authentication","https://www.google.com/search?&kgmid=/m/0k4pw7w","https://www.wikidata.org/wiki/Q319967"]},{"@type":"DefinedTerm","name":"vulnerability","sameAs":["https://en.wikipedia.org/wiki/Vulnerability_(computing)","https://www.google.com/search?&kgmid=/m/07fyld","https://www.wikidata.org/wiki/Q1060929"]},{"@type":"DefinedTerm","name":"social engineering","sameAs":["https://en.wikipedia.org/wiki/Social_engineering_(security)","https://www.google.com/search?&kgmid=/m/06h_yz","https://www.wikidata.org/wiki/Q2153504"]}],"mentions":[{"@type":"DefinedTerm","name":"endpoint security","sameAs":["https://en.wikipedia.org/wiki/Endpoint_security","https://www.google.com/search?&kgmid=/g/11bxwpl57w","https://www.wikidata.org/wiki/Q53767801"]},{"@type":"DefinedTerm","name":"cloud security","sameAs":["https://en.wikipedia.org/wiki/Cloud_computing_security","https://www.google.com/search?&kgmid=/m/03cm9mw","https://www.wikidata.org/wiki/Q5178412"]},{"@type":"DefinedTerm","name":"incident response","sameAs":["https://en.wikipedia.org/wiki/Incident_response_team","https://www.google.com/search?&kgmid=/g/11fb2lwns5","https://www.wikidata.org/wiki/Q23744368"]},{"@type":"DefinedTerm","name":"intrusion detection","sameAs":["https://en.wikipedia.org/wiki/Intrusion_detection_system","https://www.google.com/search?&kgmid=/m/01fzgg","https://www.wikidata.org/wiki/Q1430920"]},{"@type":"DefinedTerm","name":"cyberattack","sameAs":["https://en.wikipedia.org/wiki/Cyberattack","https://www.google.com/search?&kgmid=/m/032pft","https://www.wikidata.org/wiki/Q187913"]},{"@type":"DefinedTerm","name":"NIST","sameAs":["https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology","https://www.google.com/search?&kgmid=/m/0268w","https://www.wikidata.org/wiki/Q362696"]}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is cybersecurity in simple words?","acceptedAnswer":{"@type":"Answer","text":"Cybersecurity means protecting computers, networks, and data from unauthorised access and attacks to keep them secure and private."}},{"@type":"Question","name":"What are the main types of cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"The main types are network security, application security, endpoint security, cloud security, and information security."}},{"@type":"Question","name":"What are the top cybersecurity threats?","acceptedAnswer":{"@type":"Answer","text":"Major threats include malware, phishing, ransomware, social engineering, data breaches, and zero-day exploits."}},{"@type":"Question","name":"How is information security different from cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"Information security covers protection of all types of information, while cybersecurity is focused specifically on securing digital data and systems from cyber threats."}},{"@type":"Question","name":"How can individuals and organisations protect themselves?","acceptedAnswer":{"@type":"Answer","text":"Use unique strong passwords, enable multi-factor authentication, regularly update software, guard against phishing, use antivirus and firewalls, and maintain data backups."}},{"@type":"Question","name":"What is the CIA Triad in cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"The CIA Triad refers to the three core principles: confidentiality, integrity, and availability, which all security measures aim to protect."}},{"@type":"Question","name":"What does a cybersecurity professional do?","acceptedAnswer":{"@type":"Answer","text":"A cybersecurity professional safeguards networks and systems from attacks, detects vulnerabilities, manages incidents, and ensures compliance with security policies."}}]}]}Solution : Gain leadership buy-in and ensure visible commitment throughout the transition.Related articles
  • Cultural misalignment : Change may conflict with existing organisational culture.
    Solution : Integrate change efforts with culture change and organisational development strategies.
  • Insufficient resources or planning : Poor planning can delay or derail change projects.
    Solution : Invest in project management , transition planning, and risk assessment.

Change management and business functions

  • Organisational developmentWhat is cyber security?: Change management techniques are often a core part of organisational development, aiming for long-term improvement in effectiveness.
  • Project managementSimon Buehring: Integrating change management with 19 Feb 2026project management ensures project deliverables are adopted and sustained.Explore the essentials of cyber security, its importance, and the tools you need for a career in this field. Scroll down to learn more.
  • Business transformation : Large-scale initiatives such as mergers or digitalisation depend on robust change management for success.
  • Stakeholder engagement : Identifying and actively involving key stakeholders is crucial in minimising resistance and ensuring buy-in.
  • Leadership : Strong, credible leadership drives the success of change initiatives through clear direction and support.

Change management best practices

  • Establish clear communication strategiesCyber Security Awareness in Organisations tailored to different stakeholder groups.
  • Appoint dedicated change agentsSimon Buehring to guide and support the change process.19 Feb 2026
  • Use data to inform decisions and measure progress through key performance indicators (KPIs).Cyber security awareness encompasses not only knowledge but also the crucial attitudes and behaviours needed to safeguard information assets. Read on to enhance your strategies and secure your data effectively.
  • Encourage feedback from employees at every stage.
  • Provide training and support to build new skills and confidence.
  • Integrate change into company culture to ensure lasting results.
Summary of key frameworks used in change management
ModelOctober is cyber security awareness monthCore Steps Main FocusSimon Buehring
Kotter’s 8-Step19 Feb 20268 outlined steps Building urgency, vision, momentumLearn about the origins of Cyber Security Awareness Month and its global significance. Discover more about the initiative by scrolling down.
Lewin’s Change Unfreeze, Change, Refreeze Preparing, transitioning, embedding
ADKAR Awareness, Desire, Knowledge, Ability, Reinforcement Individual adoption stages

Related concepts in change management

  • Organisational developmentWhat jobs are available in cyber security?Project Management KPIs | Knowledge Train: A discipline focused on improving organisations through planned interventions in processes and culture.
  • Stakeholder engagementSimon Buehring: The ongoing process of involving those impacted by change in planning and implementation. 19 Feb 2026
  • Leadership in change management : The role of leaders in inspiring, directing, and supporting people through transitions. Explore the challenging and rewarding career opportunities in cyber security. Learn about the required certifications and skills by reading further.
  • Risk management : Identifying, analysing, and mitigating risks that arise during change initiatives.

Request a quote The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
PRINCE2 ® Foundation Learn the fundamentals of the PRINCE2 method. Marketing