We use cookies to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information you have provided to them or that they have collected based on your use of their services. Read how we use cookies and how you can manage them by clicking on "Preferences".

Preferences Accept

Privacy Preferences

When you visit our website, the website may store or retrieve information via your browser, usually in the form of cookies. Since we respect your right to privacy, you can choose not to allow the collection of data from certain types of services. However, not allowing these services may affect your experience.

Privacy policy

You have read and agreed to our Privacy policy

REQUIRED
LinkedIn & Twitter

We use the LinkedIn and Twitter services to enable social networking content on this site.

Google Analytics

We use Google Analytics to analyze website traffic.

Privacy policy
9 Feb

How do you measure security awareness?

Is awareness of privacy and security risks measurable? It is often said that the greatest security and privacy risk is between the keyboard and the chair. Just the human. It seems simple: if you do that, you have the greatest risk. When we look at people in combination with security and privacy, there are generally two things that need to be improved: knowledge and behaviour. Behavior is immediately one of the (soft) things that is difficult to measure. Nevertheless, it is possible to give an indication. But how do you do that? How are you going to measure security awareness?

Measuring security awareness starts with the question: What needs to be improved and how much?

Determine together with your team what the desired behavior is on numerous topics or risks. For example for phishing: the number of phishing victims must be reduced by x%. The % of phishing reports must be increased by x%. That's how you go about a number of topics. You will then perform a baseline measurement on all subjects and record the methodology so that you can repeat this. In addition, you determine what it would cost if, for example, a phishing attempt succeeds. The latter can be quite difficult, but this makes measuring the awareness program meaningful.

Motivation and communication

The theory is that when someone has more knowledge of the risk and thus recognizes the risk , the behavior is also automatically adjusted. But it's not that simple. People who have no interest in a particular subject are also not motivated to learn about it. Communication from the company is the key to success. We recommend organizing a kick-off and bringing the employees together. During this meeting the importance of security and privacy is discussed, but you can also play a group game. Besides being fun, it helps enormously in the motivation to want to know more about this topic. Then the program can start. We help companies with communication, for example by starting with a trailer. The trailer generates curiosity and a high level of activity already in the first weeks of the program.

The security and privacy awareness program

With our online training program we not only ensure that the correct knowledge is given to the employees in small chunks. We also make sure that they stay motivated to do so. Our goal is that they are curious about the next training and that they will do the challenges and webinars through that training or e-learning modules. Everything is measured for which employees receive points, badges and rewards, gamification as a means of motivation. Because we measure everything, we can say something about the knowledge, but we had set goals in the beginning. Of course they have to be met. And by taking all measurements together, we can also say something about the behaviour.