Security awareness training must be made less predictable. Employees rarely engage if they think they know what’s coming.

One IT Security manager told me her organization’s developers literally wrote software that everyone used to “run the training”. So they got full credit for completing it. Not what the manager was hoping for.

Another sign of predictable awareness training is that employees can, and do, work on other tasks while a training video is playing. Clearly, nobody is absorbing the concepts in these situations.

Our “croc brains” take over when situations are predictable, and we automatically start looking for more important things to process. Awareness training especially needs to address this problem because employees subconsciously try to find excuses to avoid it.

compliance training shouldn't be your only focus. Image of binoculars

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for phishing, social engineering and working from home.  (Normally valued at $450 USD)

Use Promo Code: 6WEEKS

Here are 3 ways security awareness training can be made more effective using “unpredictability”…

1. Adding visual variety
2. Providing options for a short exploration of related concepts
3. Using assessments based on scenarios

If your awareness training is falling short on employee participation, you should start by making it less predictable.

This is one aspect of what I will be presenting this Wednesday in my next live session on “The Awareness Training Success Framework”.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

Cyber Security

Phishing Defense

Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

Social Engineering Defense

Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

Cyber Security Awareness for Remote Workers

Home-based workers are vulnerable to cyber attacks. Build team immunity today.

Privacy and Compliance

PCI Compliance Awareness

When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

Gamified HIPAA Compliance Awareness

If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

Gamified Learning Platform

Active Awareness Platform

Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.