If execs don’t take security awareness training, then it just isn’t important to them. That’s how employees feel, whether training is mandatory or not.

The behavior modelled by executives is one of the most important drivers of corporate culture. If top executives aren’t completing the training in a timely manner (ideally, before everyone else), then it will be hard to engage staff.

Here’s a “truth table” I created for executive words and actions related to security awareness:

1. Top execs say training is important, and they complete it
2. Top execs don’t say training is important, but they complete it
3. Top execs say training is important, but they don’t complete it
4. Top execs don’t say training is important, and they don’t complete it

Security awareness paradox

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for phishing, social engineering and working from home.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

Think about which category your executive team is in. If yours is not in category #1, think about what is needed to get them there.

For categories #2 and #3, they will have excuses to justify why their words and actions aren’t aligned. Find out what the barriers are, and find allies to proposed solutions.

For category #4, there’s a lot of work to be done; you’re living on borrowed time, and execs may be the biggest target. Use stories, data and questions to get them to category #2 or #3, and then to category #1.

If execs don’t put a priority on doing the training themselves, not many others will.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

Cyber Security

Phishing Defense

Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

Social Engineering Defense

Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

Cyber Security Awareness for Remote Workers

Home-based workers are vulnerable to cyber attacks. Build team immunity today.

Privacy and Compliance

PCI Compliance Awareness

When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

Gamified HIPAA Compliance Awareness

If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

Gamified Learning Platform

Active Awareness Platform

Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.