Cyber Security Training

Why your security awareness training failed, and what to do about it

You ticked all the boxes: posters, compulsory e-learning, seminars and desk-drops – you did it all. Even gave yourself a proverbial pat of the back for your ‘fool-proof’ strategy…Only to come back one day to the office and discover that all your files have been encrypted because one of your colleagues couldn’t resist following a link to claim their free iPhone 12.

So you are back to square one, thinking about what went wrong. You run your campaigns, people smiled and nodded, surely that was enough, right?


Here are the reasons why security awareness training needs more than to just ‘inform’.

Cyber security as a Tick Box Exercise

Security awareness training has traditionally been performed with a degree of resignation, more to serve a bureaucratic expediency than to accomplish any higher purpose.

Some employees receive their hefty training manuals with all necessary information during their induction and are considered ‘informed’. Others use unengaging online training programmes that merely make the business ‘compliant’. Let’s face it: most of the time, the awareness training is boring, condescending or outdated and worse still its forgotten because it’s not relevant, engaging and interactive.

If you’re thinking about revamping an existing program or creating a new one from scratch, you’re likely looking for different ways to be relevant and engaging. To make it successful, you have to make it stick and resonate with everyone.

Fortunately, you don’t need to reinvent the wheel; there are lots of resources available to help, regardless of how big or small your budget might be.

Cyber security is a tech problem

Tell me if you heard this one before: “If you did your job right, I wouldn’t have to worry about cybersecurity”.

Some people’s attitude toward cybersecurity is all wrong. They never think beyond the IT department and technology systems to acknowledge their own role in cybersecurity.  Often people think security is not relevant to them, but with technology playing an integral part of our everyday lives, be that at work or at home, we need to consider a more security minded approach.  Security is everyone’s responsibility, and we need to know how to defend ourselves.  It starts with human behaviours and attitudes.

The need to gain sponsorship and buy in from the senior leaders in the organisation is critical. Changing people’s attitudes towards cybersecurity is a challenge, but not an impossible ask.   To change attitudes, to open minds, we need to engage people from all aspects of the business, using techniques that allow us to remember the material, relate to it and most importantly, stop and think before they do.  

Cyber Security training with a focus on human psychology can change attitudes and behaviours, recalling our experiences, with material that is relatable enabling us to learn from our mistakes and adapting our behaviours accordingly fostering an all-inclusive culture of security.

Request CybSafe Training demo and complimentary access to Dark Web Report.

I knew better, but I did it anyway

In theory, people who complete cyber awareness training should be informed about the best practices and dangers of the cyberworld. They received the message – they are just not acting on it.

People simply just ignore security advice.

‘But, why?’ I hear you cry.

There are many reasons. Usually, they are underestimating their chance of becoming a victim or overestimating their ability to respond to security threats.  On the other hand, they may have low confidence in their security skills or view security procedures as inconvenient and slowing them down. More often they are conflicted and decide no action is the best course of action or worse adopt default behaviours (Such as the same password for more than one account and everywhere!).

Most security awareness campaigns focus on improving security awareness. That’s all well and good. But if fresh awareness fails to change behaviour or culture, you have a problem. At the end of the day, it’s one thing to train staff; it’s quite another thing for staff to act on that training.

Security awareness training failed – What can I do now?

Improving security awareness, behaviours and culture at once is a much better ploy. Improve all three at once and your human cyber risk falls.

Easier said than done, I know, but it doesn’t have to be a herculean task.

CybSafe Security Awareness Training platform enables you to quantify your human cyber-risk and resilience, whilst measuring whether your awareness activities (such as training and phishing simulations) are actually working. This social behaviour and cyber-crime focused technology fuses psychology and behavioural science with artificial intelligence and data science.

See the video below to find out more about how CybSafe works.

Request CybSafe Training demo and complimentary access to Dark Web Report.

Related posts

International Women’s Day: The increasing importance of women in technology

Stuck in a loveless Cisco partner relationship? You can do better.

Cybersecurity lessons learnt from 2022 and the New Year’s security resolutions you should stick to

12 new year’s resolutions for collaboration and hybrid working in 2023

What are the main reasons for poor WiFi in schools and how can you improve it?

How WiFi in schools is transforming the learning experience

All about the Department for Education Connect the Classroom initiative

Cloud Telephony for Public Sector

How is SASE Helping the Public Sector?

Hybrid workers are here to stay, but is your business ready?

How does call recording and analytics improve customer services?

A Quick Guide to Zero Trust Security

New phish in town – Browser-in-the-browser attack

Dubber on Webex – Call Insights and AI for Public Sector

Deep dive into the world of Secure Cloud Analytics

How is contact centre technology transforming the customer experience?

Exploits our radar: Apache Log4j

Cisco Secure Endpoint vs Microsoft Defender: Which one to choose?

From nice-to-have to business essential: why security matters for every business

How the adoption of digital accelerated collaboration technology