- CISO Guides
- 13 min read
In information security and data protection, we are not always the greatest communicators. We often talk in technobabble and that can lead to being tuned out. Having some fun materials in your bag helps to simplify training messages and communicate essential information more effectively.
The role of Chief Information Security Officers (CISOs) has become more critical than ever in ensuring the protection of valuable data and safeguarding against potential breaches – and a major responsibility for CISOs is to be on the hunt and look out for the best ways to increase knowledge retention and employee engagement.
To this effect, recent data reveals that incorporating character and humour into cyber security training can be a game-changer for maximising behaviour and culture change within organisations.
Recognising the need for a paradigm shift in cyber security training and something new to shake the cobwebs off, we believe cyber security training and awareness should incorporate character-based communications and humour into the learning experience.
Lisa Plaggemier, Executive Director at National Cybersecurity Alliance (NCA), said: “Security teams still tend to design training sessions focused on content, forgetting that the recipients are human beings.” Plaggemier highlights United Airlines’ most-recent safety video for airline passengers as an effective training campaign which used humour to convey complex flight safety protocols.
By infusing training modules with relatable characters (like TSC’s Lax), memorable storytelling, and appropriate humour, organisations have witnessed remarkable improvements in participant engagement, knowledge retention, and behaviour change.
You must look at it this way; sitting an individual down to run through a 30-minute eLearning course on data classification will not be as impactful as making the same individual watch a narrative 5-minute animation on data classification. With the character-based animation, knowledge points that you want employees to retain will be tied closely to humour and easy-to-recall narrative moments. How easily can you talk about the show you binged last weekend compared to the training you were assigned to do last week?
Characters serve as anchors for employees conducting training by creating emotional connections and enhancing the learning process. These characters can be relatable personas or avatars that guide individuals through cyber security scenarios, demonstrating best practices and potential pitfalls. When learners identify with these characters, they develop a sense of ownership and connection, making the training more impactful and relatable.
Introducing characters into cyber security training humanises the learning experience. When individuals can relate to the characters' struggles and triumphs, it triggers empathy and motivation to adopt secure behaviours. Characters in training programs provide individuals with tangible examples to model their behaviour after. This social learning aspect is crucial for driving behaviour change as it taps into our innate inclination to imitate and learn from others.
Humour has proven to be a powerful tool in breaking down barriers and fostering a positive learning environment. Incorporating appropriate humour into cyber security training helps alleviate anxiety and boredom often associated with technical subjects – that some employees can be daunted by. It creates a memorable and enjoyable experience, encouraging participants to actively participate and retain information.
Humour acts as a cognitive stimulant, capturing attention and enhancing memory. By injecting humour into cyber security training, we tap into the brain's reward system, making the learning experience more enjoyable and memorable.
Using character-based games and humour to help people learn is something that helps solidify human understanding. The Game-based Learning Theory describes gamified learning as ‘experiential.’ This type of learning is effective as it builds experiences through role-playing and other games. Furthermore, a separate study titled ‘Gamification of Information Security Awareness and Training’ states that a ‘high level of interactive-ness potentially defeats the tediousness of e-learning.”
When building a security awareness culture, make sure that you include lots of interactive elements that are fun and use humour to make memories. Do not expect a security awareness culture to develop if employees are made to sit in at their desks and listen only to 15 to 30 minutes of monotonous audio files and slides. By supplementing engaging employees in material that is fun and memorable, a company is more likely to vault the boredom hurdle.
Jann Yogman, a highly respected entertainment writer who has worked with the likes of Conan O’Brien, recently pivoted to working with cyber security training and content creation. Whilst he admits lacking expert knowledge on cyber security, he has created a highly successful 4-point framework for creating the most engaging and retainable content in the cyber space.
Let’s run through it with some additional cyber security focused advice from TSC plugged in:
Behaviour change is the end goal of cyber security training and awareness, as individuals must actively apply what they have learned to minimise risks. Character and humour play instrumental roles in fostering behaviour change and creating a cyber security-conscious culture within organisations. By employing relatable characters and humour, training programs can create emotional connections that motivate participants to embrace secure behaviours. The introduction of characters and humour helps break down resistance to change by making cyber security training more accessible, relatable, and enjoyable to your employees. This, in turn, contributes to the establishment of a cyber security-conscious culture, where security practices become ingrained in the organisational fabric.
The incorporation of character and humour into cyber security training is a progressive approach that holds immense potential for CISOs and their organisations.
Not only are you visually enhancing your training and awareness materials, you are also engaging participants on an emotional level and creating enjoyable learning experiences; character-driven and humour-infused training programs maximise behaviour and culture change and is a strategic investment that yields long-term benefits for all stakeholders involved.
If you would like information about how The Security Company can help you to deliver character-based eLearning, animation and gamification and how we help support CISOs as an extension of their cyber security team ... please contact our Head of Business Development and Sales, Jenny Mandley.
The Security Company's vast library of customised and non-customised products and services are tailored for small, medium and large organisations and are available in a variety of languages. We also offer bespoke solutions for organisations that desire training and awareness materials built from the ground up.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51