Security awareness training is usually mandatory for all. But many organizations see less than 60% of employees participating before the next round of training is launched. This presents a strange problem for management. Do you keep trying to get employees to finish the previous training, or start over?

But the real problem is that there are few incentives, and employees often have some rationale for deferring or avoiding awareness training.

100% participation is the holy grail. But how do you even get close to it?

Here are a few barriers to employee participation:

  1. Not communicating the importance of learning about security
  2. Making the experience dull or predictable
  3. Making the content vague, trivial or irrelevant.

If the employees see more friction than benefits from the training, they will “forget” or have “something more important” to do. Intrinsic rewards are harder to grasp than extrinsic ones. But they aren’t always that hard to implement.

It really means making the experience more enjoyable for everyone.

Start by asking: “What’s in it for our employees?”

Security awareness paradox

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for phishing, social engineering and working from home.  (Normally valued at $450 USD)

Use Promo Code: 6WEEKS


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.