The greatest risk to cybersecurity is human error. Here’s how to engage your employees in cybersecurity training

by Brock Horning | October 2024

Autumn is in full swing and the leaves are falling all around, that can only mean one thing- it’s Cybersecurity Awareness Month, of course!

With each new data breach and security hack, the need for better cybersecurity becomes ever more pressing. But this isn’t an issue that companies can completely buy themselves out of. A 2024 report highlighted that human error was the greatest risk to cybersecurity, whether through negligence, phishing scams, or simple stolen hardware. So what’s the solution?

Barraging employees with security warnings, dry training sessions, and inconvenient security procedures can actually weaken your cybersecurity efforts. The well-documented ‘cybersecurity fatigue’ sets in, where employees become completely disinterested in any security measures and their behavior tends to get riskier.

The thing is – cybersecurity training is just a checkbox exercise for many companies. It is often dry, text-based learning that won’t keep security front of mind after the annual training session has been endured. Many elements aren’t even relevant to the person taking the training because it’s a one-size-fits-all approach. This all needs to change.

A still from Living Security’s cybersecurity training.

To showcase a different way of thinking, we’ve pulled together three examples of cybersecurity training that have employees sitting forward. Each one demonstrates a fresh and effective approach:

Taking a cinematic approach, the team at Living Security plotted out a whodunnit-style mystery. Learners take on an interactive film in which they must work out who stole the party host’s Netflix password by interrogating different party guests. Each avenue of questioning demonstrates and exposes a different, common cybersecurity threat.

It’s a fun, light-hearted approach that has delivered real results. Clients reported more conversations between learners and this discussion and engagement improved information recall after the learning module was over. The interactive video approach allows the film to work well both as group training and one-to-one sessions.

Gamification has long been used in learning and training but it often just means giving learners badges or points for completing modules. Moonshot Inc. and CyberTheory took gamification to the next level when they created a product demo for an industrial cybersecurity specialist.

The interactive game plays out the problems and consequences of common cybersecurity threats. Two players, an ‘attacker’ and a ‘defender’, try to best one another across five different industries. Attackers could choose different attacks and the defenders could put up different defenses in response. After each ‘attack’ and ‘defence’ combination, a summary screen highlights the important takeaways.

The results were impressive – as Moonshot Inc’s Nick Handley said: “People were hungry to learn more.”

Time to decide. A still from Devogame’s annual competition

Devogame is an annual competition run by cybersecurity agency Devoteam. Aimed at students, the interactive challenge is designed to test technical knowledge and review the skills they’ll need on their course.

For their 6th competition, players became Cloud Investigation Agency (CIA) operatives, who must work out who is behind the attempt to hack the agency’s cloud. With the help of their cybersecurity agent colleague, they have to identify who has been illegally exchanging confidental information.

As this was targeted at students, the project leant into video game territory. Players had to interview the three suspects to demonstrate not just technical know-how but also soft skills development. Behavioral factors such as concentration, emotional intelligence and adaptability were analyzed and measured. Tying in this extra layer acknowledges and addresses the human error elements of cybersecurity risk.

These three examples show that cybersecurity training doesn’t need to be dry or complex. With interactive video, training modules can be fun, engaging and boost information recall.

Humans learn best by doing. The most effective training techniques put learners into situations that mimic real scenarios. When they encounter these situations after the training is over, they are more likely to recall the correct responses.

Branching scenario training simulator

Narrative devices encourage learners to emotionally invest in their learning outcomes. It’s hard to replicate the emotional stakes of the real scenario in a training quiz. However, learners who are engaged and invested in the consequences of their decisions will actively trying to absorb information.

Cybersecurity is a serious topic – but that doesn’t mean training has to be. Interactive experiences that are designed to be fun will get greater engagement from learners.