IT security Services at ALLOWLIST cyber security store

Why your security awareness training isn’t working – and how to fix it

In a time where – whether we’re working from home or the home office – business is conducted primarily through the internet and a network of interconnected devices, cybersecurity awareness has never been more important. 

Traditionally, cybersecurity training had been shunned in favour of hardware and software solutions. The unfortunate truth, however, is that 90% of security breaches involve human error – something that high-tech solutions can never address. 

Attitudes are changing, however. Indeed, an impressive 73% of large firms in the UK have deployed cybersecurity training in 2019. 

But whilst the drive to train staff is increasingly there from organisations, the quality of the training delivered often undermines its growing importance. 

Traditional approaches to cybersecurity training take a top-down, box-ticking approach which judges success by how many employees get sent an email or watch a video. 

Worse still, they often scare staff with worst-case scenarios, rather than empowering and engaging them as allies in the same ongoing fight against breaches.

This approach is misguided and, indeed, counterproductive. Cybersecurity is everyone’s responsibility, so everyone needs to be brought along on the journey and helped to understand how they can play their part. 

So, what can you do to fix your security awareness training? Join us as we share the secrets behind great training. 

Tell stories

Storytelling is at the heart of human nature. It’s how we share experience, how to relate and, most importantly, how we learn. 

Simple presentation of facts and new behaviours isn’t enough to modify entrenched actions. To really change behaviours and build new cultures, storytelling is essential.

Be smart about how you engage and train staff

The first step you need to take is to consider how you can harness the emotional reactions which motivate each of us.

Cybercriminals do this successfully to do harm, so it only stands to reason that doing the reverse can be used for good. 

Our strongest recommendation? Reframe your training as a collective effort to protect each other, rather than a way to prevent your team from failing. 

Be distinctive… and brief!

Dull, dry training is the fastest way to lose the attention and enthusiasm of your team. 

By utilising creative storytelling techniques and immersive experiences to engage and entertain everyone, you help increase buy-in of your training from your team. 

And the best way to retain the attention span of your team? Keep your training short, sharp and to the point. Recent studies have put the average adults’ attention span at just 14 minutes, so don’t underestimate the value of brevity.

Taken together, the result of these tips is cybersecurity training that empowers your people and keeps everyone safer.

Shopping Cart