CBI Blog

5 Ways to Incentivize Employees to Learn About Cybersecurity

5 Ways to Incentivize Employees to Learn About Cybersecurity


If your company’s computer system is breached, more than likely it will come from the inside than outside. According to Harvard Business Review, IBM stated (in a 2016 Cyber Security Intelligence Index) that 60% of cyber attacks were carried out from the inside.

Out of these attacks, three-quarters were malicious while the rest were unintentional. Chances are, there is at least one disgruntled employee hiding behind a smiling face. Does that mean he/she will leak company passwords and expose sensitive information? Not necessarily. But it doesn’t hurt to keep your eyes open.

That and educating your employees on cybersecurity so your company is less likely to have unintentional insider threats will only make your company  more secure but you create a human firewall so you have more eyes (other than IT risk management) watching for malicious insiders. Read more to how to incentivize your employees to learn about cybersecurity.

1. Give Bonuses

Give out bonuses to employees who take cybersecurity training. This could be an end-of-year bonus or a quarterly bonus.

Make sure though that you advertise this at work. While bonuses may differ depending on the job position, level of responsibility, and level of performance, in this case, it may be better to keep the bonus amounts equal for all employee, especially if employees are taking the same cybersecurity training.

2. Give Praise

The truth is, genuine and specific praise goes a long way. Recognize employees who take the cybersecurity training seriously—and even apply it in the workplace.

While praise is good most of the time, don’t give recognition to employees if you just want more employees to learn about cybersecurity. It will clearly come across as not genuine, making employees less likely to actively participate in cyber education.

Also, if you have constructive criticism, give it during a performance review or discuss it with the employee privately instead of pairing it with the praise in public.

3. Involve Employees in the Decision-Making Process

Some employees learn better in team-building exercises. Others excel in a standard PowerPoint and lecture environment. Find out from your team how they best learn and in what ways to best integrate the cybersecurity training in the workplace.

Doing this will show that you care about your employees’ well-being, and will make them more likely to take the training seriously.

4. A Little Friendly Competition Doesn’t Hurt

Perhaps give out a cybersecurity test at the end of training, with the employees who have the three highest scores receiving a prize. Or why not have the first ten employees to sign up receive a bonus?

While a little friendly competition doesn’t hurt, make sure that the work environment doesn’t become competitive and high-stakes. As Harvard Business Review reports, a highly competitive, high-pressure work environment may lead to high performance but can also cause a spike in stress (which can lead to employees seeking health care services).

5. Plan a Company Trip

To celebrate your employees taking the cybersecurity training, plan a company day trip. This could be as simple as having lunch at a restaurant (that is paid for by the company). Or it could be as elaborate as going to an amusement park during a workday.

Whatever you think is appropriate and within budget. You could even combine #3 by seeking what company trip employees would most like to have.

Final Thoughts: Why Consistent Employee Training on Cybersecurity is Important

While it is great that employees take a course in cybersecurity, it doesn’t stop there. Training needs to be consistent. That way, employees stay up to date with the latest trends—one being the increasing rise in social engineering tactics.

At the same time, employees need to learn about insider threats and what to do if they suspect a co-worker could be one. Needless to say, you don’t want to create a work atmosphere where everyone is watching everyone.

Which brings us to how the training should be done. Long story short, an experienced cyber professional should conduct the training. That way, he/she can adequately answer employee questions and give concrete, real-life cyber examples. Has your company invested in cyber training?

CBI Can Provide Cyber Security Skills

CBI, cyber protection Detroit company, can help provide IT risk management skills to your company. Contact CBI to learn more.