Let’s face it, the once-a-year, everyone-in-the-conference-room-for-an-hour approach to cybersecurity training was never effective. It’s outdated, uninspiring, and about as impactful as a post-lunch PowerPoint on password hygiene.
People don’t learn well when they’re bored stiff. Half the room zones out entirely, while the other half retains the information just long enough to forget it by the following week. And let’s be honest, even the few who do remember something rarely apply it in a meaningful way.
Changing cybersecurity habits
Cybersecurity habits (like all habits) only change when learning becomes part of the routine. That’s why short, regular bursts of training are far more effective than one-off marathons. Think microlearning: five to ten minutes a month of small, digestible, relevant content that people can squeeze in between coffee and their next Teams meeting.
There are two things that matter the most when delivering this kind of training:
- Keep it interesting
Dry content kills attention. Make it funny, make it surprising and make it relevant. If they’re laughing or nodding along, then they’re learning.
- Respect their time
Don’t overload people. Bite-sized learning respects schedules and increases the likelihood people will actually do it. Five minutes is doable. Thirty? That goes on the ‘snooze until next quarter’ pile.
Cybersecurity training – smaller vs larger organisations
But here’s where it gets interesting: smaller organisations often assume they need to reinvent the wheel. They want to ‘personalise’ the training experience, which often ends up watering it down to the point of irrelevance. And when it doesn’t work? You guessed it, they blame the training platform, not their implementation choices. It’s frustrating, but it’s predictable.
Larger clients, by contrast, usually come equipped with a bit more structure and a better understanding of risk. They don’t always get it right, but they’re more inclined to listen, adapt, and stick with what works. Once the method is proven and accepted, it runs like clockwork. These organisations churn less because they get it: they see the link between awareness and resilience.
Training as a 1st line of defence
If you’re still hanging on to the once-a-year model because ‘that’s how we’ve always done it’, ask yourself this: is that really how you want to maintain your front line of defence? In cybersecurity, complacency is vulnerability, and cybersecurity training is not a tick-box exercise; it’s your insurance against chaos.
If you have any questions about Brigantia or our vendor partners and cybersecurity solutions, get in touch with our team here, or head to our vendor page.