Your team resists security training. Are you missing crucial steps to protect your information?
If your team resists security training, you might be missing essential steps to protect your information. Here's how to engage them effectively:
How do you encourage your team to take security seriously? Share your strategies.
-
Let's be realistic. No one wants to take security awareness training. The key is making it relevant to the audience. "What's in it for me?" should be top of mind when designing security awareness training.
-
Resistance to security training could indicate a lack of engagement or relevance in the content. Make training interactive and tailored to real-world scenarios relevant to their roles. Highlight personal and organizational risks, showing how cybersecurity impacts them directly. Use incentives to encourage participation and create a culture of accountability. Regularly update training to address emerging threats and ensure management supports and reinforces its importance. Without proper training, the team remains a vulnerable link in safeguarding information.
-
Yes, resistance to security training can leave your organization vulnerable by creating gaps in awareness and practices that attackers exploit. To address this, make training engaging and relevant by showing real-world consequences of breaches and tailoring content to different roles. Highlight personal benefits, like protecting employees’ own data, to foster buy-in. Incorporate gamification, simulations, and rewards to increase participation and retention. Most importantly, emphasize that security is a shared responsibility, empowering your team as the first line of defense against threats. Without training, even the best technology can't fully protect your organization.
-
Yes, you are missing crucial steps. The human element in your security profile is pivotal. So if your team resists, first start to ask yourself why. Is it you or is it them, and then what can be done to mitigate the resistance? Most commonly, I find a mismatch between the training and the audience is at the core of that failing. Getting that right and doing something alternative that promotes and enhances the human engagement will always win. Making it interesting, not overbearing or accusatory, are valuable elements to success.
-
Start by understanding the internal human cyber risk behaviours within the organization. Use the insights obtained to create a well-informed security awareness training. Teach people how to identify a social engineering attack and how to deal with it. Remember that security awareness training must be inclusive. Personalise it to suit individual needs. Adopt e-learning modules, role-specific modules, essential tips, blog posts, infographics, videos, interactive quizzes, practical exercises. Make sure that the training reflects the current cyber threat landscape. Provide an on-demand library of security training resources. Identify the most significant human cyber risks by using data metrics and insights, and cover them in training sessions.
-
Resistance to security training from your team is a red flag, indicating potential vulnerabilities in your organization's information protection. It's likely that you're missing crucial steps in your security awareness program. Perhaps the training is too technical, lengthy, or irrelevant to their roles. Alternatively, the training might not be engaging, interactive, or providing tangible benefits. To overcome this resistance, consider the following:
- Tailor training content to specific roles and departments.
- Incorporate interactive, immersive, and gamified learning experiences.
- Emphasize the importance of security and its impact on the organization.
- Recognize and reward employees for their participation and engagement.
-
You have to simplify the information and use real-life examples or exercises that can give a more personal view of the cyber risks, not only in the company but also in personal life (and how it can affect you).
-
Resistance to security training often stems from a disconnect between the training's relevance and the employee's daily role. I’ve found that tying security practices directly to real-world scenarios employees encounter fosters engagement. For example, illustrating how phishing can disrupt personal banking resonates far more than abstract warnings about "company breaches." Additionally, training should be a two-way street—encourage feedback on content and delivery to ensure it feels valuable, not burdensome. Finally, making security a shared responsibility, celebrated through gamified team challenges, helps shift mindsets from compliance to ownership. Act now by framing security as a culture, not just a task.
-
To make your team care about security, tie it to their personal safety. Show how good security practices protect their own data, like bank accounts, emails, and personal identity, from being hacked. When people see how it benefits them, they’ll pay attention.
-
Gamification is essential for effective security awareness training. Offering small tips on various security topics (such as phishing and laws) along with quizzes is more beneficial. Long videos followed by a quiz feel unproductive.