Microlearning takes advantage of the human brain: how to leverage microlearning in cyber security training and awareness

Our attention spans and working models have changed forever. Your cybersecurity awareness training must reflect this! As we move away from traditional training styles, microlearning offers the best opportunity for knowledge retention and recall. 

Did you know the microlearning journey actually began in the 1800s? Psychologist Hermann Ebbinghaus conducted a self-study on learning and retention. He found that when he studied traditionally, only 20% of the information learned was retained four weeks later. When Ebbinghaus switched to microlearning, his retention levels increased to 80/90%! More current research reveals that people are more likely to retain information when it is presented in a shorter format of three to 10 minutes long.  

With microlearning, one potential goal is to substitute long and tedious study sessions with short bursts of learning and development to improve knowledge retention. However, the best solution is to use microlearning in tandem with more concentrated study sessions to refresh key knowledge points and learning objectives.  

A holistic, skills-based approach that incorporates short-sessions as well as engaging long-form learning is essential for improving your workforce’s security awareness. This is particularly important as ArcticWolf data from 2021 reveals that cyberattack rates are growing at 20% a year and are not only affecting businesses, but supply chains, customers, and partners.  

Microlearning also avoids days being taken away from day-to-day work, leading to corporate projects falling behind.  

The need for cybersecurity fortification is greater now more than ever! 

What are the basic principles of microlearning? 

With microlearning, employees are taught valuable cybersecurity information in small chunks, over short periods and frequently. This helps them to not only avoid being overwhelmed with added information but also improves their ability to absorb and recall said information.  

Furthermore, with microlearning, managers can avoid significant disruption to working hours. In fact, micro-learning can even become a constant aspect of an employee’s daily itinerary thus embedding security awareness as a necessary check for all their professional actions.  

Microlearning sessions are: 

• Short: Who would have thought a method with the prefix ‘micro’ would be quick and to the point? As a species, our collective attention spans are dropping at an alarming rate. Content Security data reveals that our distraction free attention span has fallen from 12 seconds to just 8 seconds over the last decade! Our current digital society wants to access information quickly before moving onto something new just as quickly. A cognitive study conducted by the University of California also found that we recognise visual information quick as well; in 1960, humans needed on average 20 seconds to recognise an image … now it takes just 2 seconds! Microlearning keeps information delivery short, sweet, and free from any chance of distractions, whilst also not overstaying its welcome for a society that can ingest information very quickly.  

• Fully focused: Because microlearning sessions must be short and to the point, they must also not be convoluted. Each micro-learning session must have a singular purpose or cyber risk that it is focused on teaching about. Only with this focus can you truly encourage employees to absorb and retain the information. 

• Easy-to-access: Because microlearning sessions must be readily distributed on a consistent basis, they must also be easy-to-access and the session must be frictionless. 

• [Optional] Performance-based leader board: Using a leader board to foster a healthy competitive nature in your workforce is a fantastic way to supplement your microlearning. Not only are you constantly refreshing their knowledge, but you are also continuously building a competitive and supportive nature amongst your employees. People want to win and see their name at the top of a winning list – use this simple optional addition to elevate your microlearning sessions.  

Microlearning takes advantage of the human brain 

Microlearning is so effective in improving an employee’s knowledge absorption and retention because it takes advantage of how the human brain processes, stores and recalls information.  

The human brain is constantly blasted with sights, sounds and interactions at a breakneck pace. According to experts, the brain can only think about four things at one time, whilst everything else is ignored. To do this, the brain filters and stories information using the following methods: spotlighting, chunking and assimilation.  

• Spotlighting: The predictive mind theory posits that the brain uses this filtering technique to focus on essential information and ignore less vital information called anomalies. The brain can spotlight very quickly and when it does this it retains valuable information and keeps anomalous information in the subconscious. Have you ever been at a loud and boisterous party with warring sounds, only to find your ears focusing onto singular conversations around the room with relative ease? This is a form of spotlighting. Microlearning takes advantage of this brain function by allowing the learner to use natural processes to focus on a small, spotlighted task. It is also far easier for the brain to spotlight during a short micro-course than it is to spotlight a long learning session.  

• Chunking: As mentioned, numerous studies reveal that the human brain can recall and store four chunks of information but struggles with juggling any more chunks. If you bombard the brain with chunks and chunks of information, it will struggle to spotlight the most pertinent information and then ascertain which four chunks need to be stored. Have you ever wondered why phone numbers are often split into groups of three to four digits? It is easier for the brain to remember a string of numbers if it is broken into small, manageable chunks. Chunking does not just refer to written information, you can chunk visual information and even audio to better help retention. Microlearning should be built around four chunks/learning objectives to take advantage of the brain’s chunking function.  

• Assimilation: The brain develops ‘schemas,’ a storage function for information. When the brain acquires a new set of information it quickly determines where best to store this information. If an existing schema exists with similar information to that recently acquired, the brain will store it alongside. However, when you get widely contrasting information sets, the brain must keep creating or altering its schemas. When we micro-learn, we put less pressure on the brain and schema production. This is because microlearning sessions are focused on one topic area and, therefore, only requires the brain using minimal schemas.  

In conclusion 

Microlearning participants can recall information 28% faster than traditional learners (ArcticWolf). Furthermore, employees who were assigned persistent microlearning by way of phishing simulations saw their click rate drop to 12%, whilst traditional learners sit at a 26% click rate (Webroot). Further Webroot data reveals that an ongoing security awareness training approach results in a massive 70% decrease in click rates on phishing links! And, to top it all off, Shift eLearning reveals that microlearning creates 50% more engagement in training than traditional methods. 

It works better with the human brain’s best way of learning and retaining information than traditionally longer learning sessions.  

Microlearning lets your mind work at a steady and healthy pace through targeted and concentrated learning objectives rather than multiple longer wider-reaching days of training. Microlearning presents information in the way the brain naturally functions. This can only increase the rate of retention and recall.  

At TSC, we believe that to stay cyber safe, your security culture needs to extend beyond protective software and clicks. We understand that even the best defence technologies can be circumvented by employees who are not aware of the risks and nefarious individuals operating in the cyberspace. Microlearning is one of the most effective ways to build a strong cybersecurity culture.  

If you would like more information about how The Security Company can help deliver security awareness training, raise awareness, increase security skills, and establish a secure culture, or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact  Jenny Mandley.