Driving behavioral change through multi-modal cyber security training
Cyber security training and awareness (T&A) is most effective when it targets behavioural change, not just knowledge transfer.
At the heart of any successful programme lies a clear understanding of the human risks your organisation faces and the specific behaviours you need to influence.
Whether it’s preventing phishing clicks, securing sensitive data, or managing passwords, your interventions must be designed to help people adopt safer habits.
Risky cyber behaviours and measures of success
Although it is challenging, work hard to find ways to measure the success of your interventions. Without such a measure, how will you know how behaviours have changed?
Yes, it is hard to measure change in attitudes and feelings, but not impossible. If this all sounds a bit overwhelming, start small. For one or two of your known risky behaviours, look for evidence of “riskiness”! That means talking to your security operations team and/or your helpdesk. Ask for reports from the helpdesk ticketing system, summaries from monitoring tools, and information about security incidents and issues. This data becomes your benchmark to measure success post intervention.
You may be reading this and thinking “wow this sounds good but in reality…there’s NO WAY I can make this happen.” Start small, and think beyond your traditional compliance metrics like how many people have completed training or clicked phishing simulations.
Take a multi-modal approach
When you know your risky behaviours and have a good sense of how you’re going to measure improvement, it’s time to think about interventions.
A multi-modal approach to T&A ensures broader reach and deeper impact. Four key modes include:
eLearning: scalable and consistent, ideal for foundational knowledge.
Face-to-face training: adds a personal touch, supports diverse learning styles, and fosters conversation.
Phishing simulations: still a cornerstone of many programmes, helping measure and reinforce vigilance.
Awareness activities: nudges and campaigns that keep security top-of-mind at the time the learner needs help.
Reinforcement, continuity and coverage
Each mode reinforces the others. For example, a phishing simulation can highlight gaps that are then addressed in eLearning or face-to-face sessions. Awareness campaigns serve as ongoing reminders, embedding key messages long after formal training ends. This layered approach builds resilience over time.
Importantly, this isn’t a one-off compliance exercise. Continuity is key. Cyber threats evolve, and so must your people. Regular, varied touchpoints help maintain awareness and adapt behaviours as risks change.
This approach also ensures coverage, reaching people with different learning preferences. Some absorb information best through visuals and repetition, others through discussion or hands-on practice. A multi-modal strategy respects these differences, making training more inclusive and effective.
The good news? This approach is achievable regardless of budget. Creativity, clarity of outcomes, and a focus on behaviour can drive meaningful change even with limited resources.
Looking ahead, AI will continue to enhance content creation and delivery. But it cannot yet replicate the personalisation and contextual relevance that cyber security training demands, tailored not just to the business, but to each individual.
If you’d like to talk about this with Mindshift, we’d love to hear from you.