Measuring success of cyber security training and awareness

People talk with Mindshift about creating a cyber security culture. What does that mean exactly?

There are theories, platforms, and opinions galore. Even the experts say it’s not easy.

Helping staff with great cyber security training and awareness IS going to reduce human cyber risk.

But helping people move from ‘I do security stuff because I’m told to’ to a place where security behaviours are natural (is this another way of describing a cyber secure culture?) is an evolution. It’s not going to happen overnight.

To answer the question of ‘is our investment in training and awareness paying off?’ some meaningful metrics are needed to see progress, measure success and to inform ongoing training efforts.

Click throughs, completion rates, reported issues, breaches, weak passwords are (should be) easy to collect metrics.

But how about insights into people’s thoughts and attitudes to security which influence their behaviour. Much harder to gather but gold!

How are you measuring the success of cyber security training and awareness in your organisation?