Five Ways to Make Cybersecurity Training More Engaging

With data breaches on the rise, every member of the lab needs to be aware of cybersecurity risks

Juta Gurinaviciute

Almost nine out of 10 data breaches are caused by human error, but only 43 percent of employees admit having made mistakes and compromised cybersecurity. Social engineering methods were incorporated in one-third of the breaches of the past year, and the cost of an attack attributed to a human mistake averaged at $3.33 million

Labs and research facilities try to mitigate the risk by developing complex cybersecurity strategies and action plans, but most of them are incomplete without sincere input by every member of the organization. Half of the chief information security officers (CISOs) plan to blend cybersecurity and privacy into all business decisions, making it every employee’s concern. 

With the evolution of digital threats, cyber resistance is no longer in the hands of IT and security officers, and requires input by every member of the organization. Constant training builds the team’s resilience against dangers, yet it is common for them to turn into tedious PowerPoint sessions, after which few remember what safety measures they should take.

CISOs, lab managers, and other stakeholders can engage employees by changing the way cybersecurity is presented and taught. Surveys show that those who found training to be very interesting were 13 times more likely to change the way they think about cyber threats and to alter their habits. Therefore, organizations should talk about complicated cybersecurity matters in a memorable, entertaining, and accessible way.

Five ideas to make cybersecurity training engaging

Gamify it. Endless figures slide after slide, bullet points of “dos and don’ts” along with puzzling safety procedures make the process lethargic. On the other hand, quizzes, games, prizes, and quality time with colleagues will surely enhance enjoyment and learning. Interactive activities boost engagement and thus yield better results in explaining cybersecurity to staff. 


Try friendly competition. The key element of every game is competition. However, a prompt question in a video lesson or “innovative” content is insufficient to engage people. People are more eager to participate when they have an incentive, be it a prize or pride. Organizations should think about monthly, quarterly, or yearly competitions to keep workers constantly aware of emerging threats and prevention against them.

Reward your employees. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus. While participating in a competition, people expect feedback, so they knew how they did. The reward system is the optimal way to accomplish these goals. Instead of giving an opinion to everybody in private, security and IT professionals can craft the achievement system. They can also help to follow the progress of each employee and take the precautions if necessary.


Encourage teamwork. Everyone should be motivated to stay protected against cyberattacks, thus mutual team effort can strengthen the organization’s resilience. Employees should work in teams to solve riddles with their colleagues—for example, in a cybersecurity workshop, they can be asked to craft a phishing email. This will encourage them to find out more about this attack vector, to look at the examples of it, and thus easily recognize them next time around.

Be clear. For information security professionals, technology and cybersecurity jargon is a native language. Yet, for people from other departments, it’s just a meaningless set of words. Make sure to express your ideas as simply as possible and to explain every term in plain language so the relative layman understands and remembers.

Apply these tips when presenting staff with how to use various cybersecurity tools, such as cloud services or VPNs. With employees working remotely as a result of the COVID-19 pandemic, some of them need to use two-factor authentication or secure connection for the first time as those tools were readily available at their usual workstations. Now, they have to care for their laboratory’s protection as well as their own by themselves. 

Cybersecurity is no longer a domain overseen only by information security and IT departments. In many workplaces, the entire workforce relies solely on digital solutions, and cyberattack prevention requires joint effort by everybody. Therefore, the main notions of cybersecurity must be conveyed in an appealing manner.