Here’s a question I hear more often than I should… “Why do employees need security awareness training more than once a year?”

Well, after teaching teams for over 10 years, it’s become clear to me that “delivering security training just once per year is virtually a waste of time and money.”

There are 3 reasons why I say this…

1) When employees are only exposed to awareness training once per year, or once every 6 months, they see it more as a “compliance” requirement… something they must “endure”, not something that impacts their behaviour the rest of the time. What we need is for employees to be constantly engaged to be able to recognize the risks they are facing on a daily basis, and how to handle them.


2) Employees may not see a particular attack for a period of months, and may forget how to spot it when it does show up. So, they need to be continuously sensitized to these randomly appearing threats.

3) Attackers are constantly evolving their tactics to evade detection, in a “cat and mouse” game. As we get better at detecting and avoiding the latest attack, attackers will change their tactics, and employees will be faced with new situations that look plausible or believable. And without recently being exposed to what the new threats look like, they will be more likely to fall for them when they appear.

It just makes sense that your cyber security awareness program needs to be continuous.

With global cybercrime growing constantly, and employees not getting any better at spotting the basic phishing and social engineerng attacks, they will increasingly fall for them. At some point, “something’s gotta give”.

Organizations will realize that the old methods just don’t work when attackers can easily craft new ones. We to be more proactive in managing these human risks, rather than treating them as a compliance exercise.

To learn how you can implement continuous cyber security awareness training for your team easily and effectively, without making people want to gnaw their own arms off, you can visit

If you found this episode interesting, please subscribe to the Click Armor Youtube channel.

Cyber Security

Phishing Defense

Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

Social Engineering Defense

Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

Cyber Security Awareness for Remote Workers

Home-based workers are vulnerable to cyber attacks. Build team immunity today.

Privacy and Compliance

PCI Compliance Awareness

When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

Gamified HIPAA Compliance Awareness

If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

Gamified Learning Platform

Active Awareness Platform

Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.

Blog / View All