Research by Gartner.

Discover Three Critical Factors in Building a Comprehensive Security Awareness Program.

Key Challenges 

  • Most people forget the majority of what is presented in a training program that occurs infrequently. 
  • Interactive simulations produce higher levels of skills retention than the mere presentation of recommended security actions, but they are difficult to measure compared to other awareness metrics. 
  • Audiences are bored by education programs that fail to leverage a variety of media and content styles.


Security and risk management leaders overseeing an information security program should:

  • Assess the culture of the enterprise to determine requirements for the specific messaging, delivery and frequency of security awareness information that will ensure consistent, desirable behavior.
  • Leverage an attack simulation product, such as a phishing simulation program, to help identify key pockets of risk within the enterprise audience, deliver social engineering attacks and provide just-in-time training and teachable moments.
  • Use communications and marketing tools for ongoing reinforcement of good behaviors and to keep security top-of-mind. Consider building a communications campaign with a mix of digital banners, web events and messaging on techniques to help reinforce lessons.