March 26, 2019

A lot of online learning is dreadfully dull. There has to be a better way – and there is.


In a world where regular upskilling is essential to careers and competitiveness, the shift to training by video offers undeniable benefits: reduced cost, greater convenience, and the ability to train large numbers of people at the same time regardless of location. Video training also allows trainers to see results and activity in real-time – while getting rid of the inertia which can take hold in a classroom setting.

But video education isn’t without issues. When designing a course of online security awareness training the peculiar characteristics and limitations of the format have to be addressed – otherwise effectiveness will be reduced. Too often video education is built around a flow of one-way information broadcast to a (largely passive) receiver. By weighting programmes toward content delivery, e.g. lengthy blocks of text followed by multiple choice questions, the emphasis is on reading and viewing rather than thinking and doing.

The truth is, too much online security awareness training seems designed to send e-learners to sleep. In the cybersecurity realm that’s a genuine concern. Obtaining people’s buy-in is essential to establishing a security-aware culture and the entire purpose of online security awareness training is to switch people on to the risks and behaviours that confront them every day – not lull them into a video-induced stupor.

The flexibility and effectiveness of video makes it perfect for modern work environments. But when it comes to adding a bit of zip to the way its delivered, what can be done?


Did you know?

  • 90% of information transmitted to the brain is visual, and visuals are processed 60,000x faster in the brain than text.
  • A single minute of video is worth about 8 million words.
  • The average user spends 88% more time on a website with video than a website without.
  • Viewers retain 95% of a message when they watch it in a video compared to 10% when reading it in text.


Say goodbye to read and remember

We can start by changing the experience – stop delivering content and start delivering structured, real-life scenarios where participants have the opportunity to apply what they’ve learned straightaway.

In security we want people to change their behaviour, not prove they can recall a statement or pass a multiple choice test. That means learners need to be challenged, invited to take part as participants, and asked to explain where and how something has gone right – or gone wrong.

In order for any new behaviour to take hold, it has to be practiced numerous times and in a variety of situations. It also has to be connected to a task or process undertaken regularly as part of day-to-day life before it becomes comfortable and automatic. If a learner can see the practical impact of a risky behaviour on themselves, a colleague, or the business as a whole in the context of their daily workflow, they’ll be more incentivised to retain the information.


How to make video security awareness training better

There are a number of ways to improve video training and engage staff to internalise what they learn, from personalising the courses and building in rewards, to encouraging healthy competition and knowledge sharing.


  • Throwing out the jargon is a good start. Get rid of the complicated, acronym-heavy lingo that dominates the cybersecurity industry and tech in general. It gets in the way of effective communications by confusing meaning and crippling your attempts to make people understand where the risks lie.
  • Stop overloading employees with information.  Break up training into bite-sized modules that immerse people in real-world security scenarios that test their reactions, not rote memory.
  • Embrace gamification. Encourage people to rise to a challenge, not schedule time for a lecture.  Consider setting up leaderboards and offering rewards or prizes to encourage take-up of additional courses that go beyond the core programme.
  • Drop the tick boxes. Keep the training session interactive and avoid long, static presentations of information. Drop the slide shows and keep the focus on everyday situations that keeps employees connected to issues that really affect them.


Security awareness training should be a mechanism to enlist employees as your very own walking, talking line of cyber defence. Making it easier for people to spot and combat cyber-crime should be the objective.

None of that can be achieved if the thought of a sitting a course makes them dread security training and or question why it’s necessary in the first place. Make security awareness training memorable from start to finish, each and every month, and pepper it with insights shared in a way that’s easy to grasp and translate into action.

Want to learn more about providing engaging, interactive and scenario-based training with real teachable moments?  Why not sign up for a free demo and find out how we’re already helping organisations just like yours.

Share this: