Perceived Control, or “Perceived Behavioural Control,” is a core concept from the Theory of Planned Behaviour (Ajzen, 1991) Alongside attitude and social norms, perceived control shapes a person’s intention to engage in certain behaviour. What’s crucial here is that people feel they have enough knowledge, skills, and support to act successfully.
For example: someone knows that strong passwords are important, but if they don’t have practical tools to create or manage them, secure behaviour often doesn’t follow. In other words: knowing is not the same as being able — and that’s where the real challenge lies.
In the context of information security, the lack of perceived control can lead to risk-averse or even avoidant behaviour. Think of employees who prefer to ignore phishing emails rather than report them, out of fear of doing it wrong. Or colleagues who share information insecurely because they don’t know what the alternative is. By providing training, support, and removing practical barriers, you not only give employees the knowledge they need but also the confidence they require. And that’s where behavioural change really begins.
At Awareways, perceived control is measured as part of broader behavioural assessments and learning interventions. We use scientifically validated questionnaires based on the Theory of Planned Behaviour.
These questionnaires include questions such as:
“I know what I need to do in situation X”
“I feel capable of acting safely in scenario Y”
“I have the resources I need to work safely”
These questions measure the sense of control and autonomy – the core of perceived control.