Select Page

Goodbye, security awareness training!

CYBSAFE-SebDB Webinar-preblog-221011MS-36

25 September 2022

It’s time to pull the plug on traditional security awareness training


We know it’s hard to let go. But this is getting out of hand.

Traditional security awareness training has been on its deathbed for so long now that our eyes water whenever we get a whiff of it.


It doesn’t really do anything. The costs just don’t make sense. And the mere mention of it just makes your people sad.

It’s time to move on. 

So, we’ve put together a free, online plug-pulling ceremony, ‘Security awareness is dead (or dying)’,  to give you a chance to say your goodbyes.

Bring your own snacks.

Security awareness webinar

The five stages of grieving traditional security awareness training

In preparation for the event, we’ve written a little about the five stages of grief, specific to the death of traditional SA&T. We hope that they’ll help you understand your feelings, and, eventually, come to terms with the loss.

Stage 1: Denial

Change can be difficult to accept. In fact, it can be outright frightening. And it’s normal to want things to stay the same. However, it’s all part of the grief process.

Signs and symptoms of denial include:

holding on to the idea that traditional security awareness training changes behavior;

relying on technological security to protect your organization from security breaches; or

believing that a security breach won’t happen to your organization.

Stage 2: Anger

Anger is a mask used to hide our emotions, or at least avoid confronting them. While it’s normal to feel angry, taking things too far can cause lasting damage to your relationships.

Anger may be driving you to do things like:

punishing people for ‘failing’ or not completing their training;

assigning even more tick-box security training to your people; or

saying things like “humans are the weakest link”;

Stage 3: Bargaining

Dealing with a flood of emotions can make you feel like you’re losing control. It’s common to agonize over all the things you could have done differently, or even try to make a deal with a higher power.

You’re probably in the bargaining stage if you’re:

requesting a budget increase for your current (traditional) security awareness training solution;

researching new vendors … that offer the same old approach to security awareness training; or

considering hiring a new IT or security department.

Stage 4: Depression

Perhaps the most difficult (and worrying) stage of grief, depression can quickly overwhelm you, so it’s important to have a strong support system in place.

You could be depressed if you’re:

weeping over all the money you wasted on traditional SA&T;

staring at your click rate and report rate data every day, while sighing heavily; or

wondering what the point of cybersecurity is.

Stage 5: Acceptance

Accepting something doesn’t necessarily mean you’re happy with it. It means you finally understand it, and are prepared to move forward.

Acceptance manifests in different forms, like:

learning more about what drives risky security behaviors;

taking steps to reliably measure risk and behavior change; or

introducing a solution that influences behaviors.

Remember to put your name down for ‘Security awareness is dead (or dying)’—a safe, online space we’ve created to help you say goodbye to traditional security awareness training.

Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like