A shift in perception from tedious to fun
Most training – particularly the kind that is required for regulatory reasons – is thought of as a chore. “We just need to get this done to get IT off our backs” is a typical mindset. But if suddenly cybersecurity awareness training is known to involve gameplay, you’ll likely see a shift in mood and motivation. Now when it comes time to work with the IT department, it is perceived no longer as a mandatory undertaking, but as something to look forward to. Something that might actually be (dare I say it) fun.
And speaking of fun: Studies show that the brain is 68% more engaged when having you’re having it. For that reason, you can assume that when you use gamified learning, the chances of your staff retaining what they’ve learned are greatly increased. I’ve read numbers from various studies that show the rate of retention from experiential learning lands anywhere from 75-90%. That said, the one thing all these studies have in common was that the retention rate was much higher in the experiential group than in the group taught in the more traditional way.
Gain immediate insight
Most training concludes with a review of test scores after all is said and done. But with experiential training, you can see immediately where some employees are struggling and where they’re doing well. This first-hand knowledge allows you to not only adapt to and work with individual needs, but to also design future security awareness programs that are flexible with different types of people.
Provide a safe learning environment
A key principle of experiential learning is that employees know they are participating in simulated cybersecurity threats. While learning about real-life scenarios, they are in no way at risk of actually jeopardizing your organization’s actual security. For that reason, employees feel less pressure to always get it right. There is room for mistakes, and as we all know, mistakes help people grow. And because most experiential training exercises involve teamwork, employees learn together and can help each other without judgement. This comradery built on shared training exercises can subsequently help build support for maintaining cybersecurity standards within individual departments.
So, consider switching up your training methods to some more experiential ones. Try some of the games I mentioned in my linked post above. Or consider this cool-looking online Cybersecurity Escape Room. But at the very least, think about moving away from traditional, boring cybersecurity awareness training to something more entertaining and interactive. You’ll thank me later.