If You Really Want To Motivate Security Awareness, You Need To Bring In The Grandparents.
Neal O’Farrell, one of the world’s longest-serving cybersecurity experts, today announced the launch of The Big Security Talk, a groundbreaking webinar designed to make employee security awareness programs make more sense and achieve better results.
As AI dramatically increases the pressure on the human perimeter, your employees, recent studies have shown that security awareness training does little to improve security or awareness, and behaviorists suggests that training was never meant to change behavior.
We’re creating so many unnecessary vulnerabilities simply because we’re looking at security awareness the wrong way”
— Neal O’Farrell
A recent major study of nearly 20,000 employees by UC San Diego Health suggests that the billions of dollars invested annually in security awareness training has made little difference.
The study found that during repeated phish testing and training:
• 75% of users engaged with the embedded training materials for a minute or less.
• One-third immediately closed the embedded training page without engaging with the material at all.
• Embedded phishing training only reduced the likelihood of clicking on a phishing link by 2%.
“We’re creating so many unnecessary vulnerabilities simply because we’re looking at security awareness the wrong way,” according to Mr. O’Farrell. “Psychologists have repeatedly warned us that employees don’t change habits because of training, but because of motivation. Policies, rules, and phish testing are simply not motivational.”
Also Read: CIO Influence Interview with Hugo Dozois-Caouette, CTO and Co-founder at MaintainX
That view is supported by world-renowned habit expert BJ Fogg who describes it as “the information-action fallacy” and the false notion that more training will mean more behavior change. Fogg, author of the best-selling book Tiny Habits and founder of Stanford University’s Behavior Design Lab suggests that to persuade employees to change their habits you need to give them a strong personal and emotional motivation to do so.
In his Big Security Talk Neal helps ignite that emotional response and motivation by showing employees how the criminals targeting their workplace are part of the larger and converging criminal ecosystem that’s also targeting their own grandparents and kids with often life-changing scams, targeting the schools and hospitals your employees depend on, and even interfering with their own democracy and elections.
“One of the most powerful lessons I learned from working with thousands of consumers and victims is how quickly and permanently they change their habits once there’s a personal connection to the threat,” said Mr. O’Farrell. “We need to replicate that personal and emotional motivation in the workplace.”
Catch more CIO Insights: CIOs as Ecosystem Architects: Designing Partnerships, APIs, And Digital Platforms
[To share your insights with us, please write to psen@itechseries.com ]


