How Adaptive Security Awareness Training Drives Better Cybersecurity Outcomes: The Science

How Adaptive Security Awareness Training Drives Better Cybersecurity Outcomes: The Science

Mar 11

Rory Attwood
Rory AttwoodRory Attwood designs and delivers cutting-edge cybersecurity awareness training at OutThink, leveraging generative AI and interactive content to create engaging learning experiences. With expertise in content design, product management, and team leadership, he thrives at the intersection of creativity and technology. Rory holds a Master of Fine Arts in Creative Writing from the University of Michigan and a Double First in English from the University of Cambridge, where he received the University Prize for Shakespeare Studies.
View Profile

Imagine you had the budget to hire an expert one-on-one cybersecurity tutor for every single person in your organization.

Would it be worth it?

The science of learning suggests that it would. For almost as long as we’ve been studying human learning, we’ve known that one-on-one tuition is by far the most effective form of education. A set of pivotal studies in the 1980s found that even compared with optimal group-learning conditions, personalized tuition generates outcomes two standard deviations better for the average student. Advances in our understanding of classroom education since the 80s have done little or nothing to erode this enormous gap.

If you’ve ever experienced one-to-one teaching or mentorship, you’ll have a strong intuition why this is. In an individual teacher-student relationship, every aspect of the learning experience can be customized to the learner’s needs, from pacing to content, teaching style, motivational methodology and more.

A student with a personal tutor need never be left behind, or insufficiently challenged, or forced to sit through material that isn’t relevant to her. Or, to put it in SAT terms: she can’t just click “next,” skip the video, and ask her colleague for the answers to the assessment quiz!

So of course personalized cybersecurity tuition would be more effective than traditional training, whether delivered online or in person. Unfortunately, no organization has the budget for it.

That’s where Adaptive SAT comes in.

What is Adaptive Security Awareness Training?

Given the strong evidence that personalized learning beats group learning every time, it’s not surprising that learning technologists’ Holy Grail is a computer-based learning experience which mimics personal tuition and can deliver some of the same benefits.

Adaptive training, or adaptive e-learning, is the most promising advance in this area. It deploys a range of technologies to create learning experiences which can “self-customize” to meet the individual needs of each learner.

We don’t have the space here to dive into the full range of possibilities opened up by adaptive e-learning, but a few quick examples should give a sense of the potential of this technology. Almost every aspect of digital training is potentially customizable, including content, format, presentation, interactivity, and language. So an adaptive training experience can automatically deploy finance-relevant content for learners who work in Accounts, or replace written text with diagrams for visual learners.

How Data Enhances Adaptive Security Awareness Training

The more data a training system can gather about learners, the more powerfully adaptive it becomes. For example, adaptive training which leads with questions designed to assess each learner’s current knowledge can then deploy only the content each learner actually needs, at the level of detail appropriate for them. Imagine how much that could cut down your organization’s time-in-training!

Historically, this adaptivity has largely been “designed”: that is, customization happens according to rules pre-determined by human educators. This approach already opens up a lot of potential for a single educator to build personalization into a training syllabus or program. However, it’s limited by the capacity of the educator. One person can only take so many variables into account when designing training content.

With the advent of machine learning, however, algorithmic adaptivity has become possible. This machine-mediated adaptivity can take into account a much larger array of learner data and make many more adjustments than would be feasible for a human educator.

Why Human Oversight Augments Adaptive Security Awareness Training

This approach, while powerful, places restrictions on human oversight which are not currently acceptable in most training contexts. The technology is fast improving - and the culture of training is shifting to meet it - but for the time being the most effective adaptive training approaches combine elements of designed and algorithmic adaptivity, aiming for the best of both approaches.

Adaptive learning technology is in its infancy, but it has already proven effective. Studies have found that it is particularly effective for professional training, and for boosting engagement in learner populations.

These strengths make adaptive learning a powerful ally to cybersecurity awareness teams in the form of Adaptive Security Awareness Training.

How Does Adaptive SAT Change Cybersecurity Behaviors?

We all know that cybersecurity training frequently doesn’t engage users: people take the training, but simply don’t pay enough attention for it to stick. While a number of other factors affect training outcomes, this is widely agreed to be the current limiting factor for most awareness teams.

The challenge is: how can cybersecurity training be made more engaging? Until recently, the potential answers to this question have been frustratingly limited by what’s actually feasible. To take just one example: it’s technologically and organizationally feasible to switch from text to video-based training for all users; so these formats have frequently been compared, as if the key to “engagement” were simply a matter of the mode of content delivery.

While video-based training is indeed often found to be “more engaging,” it’s difficult to have much confidence in this data. For a start, video has usually been the “new” format, and novelty generates engagement—until it wears off. Secondly, as learning researchers have known for a long time, there are always going to be learners who prefer text (or audio, or interactive learning). Thirdly, there is evidence to suggest that while learners generally report a preference for video, they don’t actually retain more information from video than from text—and they likely retain less when the video is subtitled. Finally, in the absence of cues to engage actively with the material, video-based learning can be highly passive, which is known to be ineffective.

Adaptive Security Awareness Training Improves Learner Engagement With Cybersecurity

From these observations alone, we can already see how adaptive learning can overcome the limitations of the “delivery mode” approach to boosting engagement. Imagine cybersecurity training which monitors how much video a learner has seen, and delivers video content only when it will be welcomed as a novelty. Or training which delivers video to learners who learn more easily from video, but text to learners who prefer that format.

However, adaptive training offers a far more powerful antidote to disengagement than this. Studies suggest that disengagement is driven substantially by a sense that cybersecurity training is irrelevant to learners. Of course, we know that it’s not! But it’s not difficult to imagine how this perception arises. Of necessity, an organization-wide training program will include a lot of information that is largely or entirely irrelevant to any given individual user.

Most learners only need to encounter irrelevant information once or twice before they begin to feel that the whole training is simply not aimed at them.

Meet Your Users Where They Are With Adaptive Security Awareness Training

Adaptive Security Awareness Training offers a complete solution to this challenge. With sufficient data points about each learner, adaptive training can remove all the irrelevant content from each learner’s program. Furthermore, adaptive training can be customized to specific aspects of each learner’s role, making cybersecurity training more relevant than it has ever been.

If you could survey your organization to ask them whether they want either: more videos, more gamification, or shorter and more relevant training, which do you think they would choose?

Learn more about how to implement Adaptive Security Awareness Training by checking out the Adaptive Security Awareness Training playbook.

Share

Missing Title

Related Articles
What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws
Jane Frankland
01/04/2025

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Read More about AI-Native Cybersecurity Human Risk Management
How Adaptive Security Awareness Training Drives Better Cybersecurity Outcomes: The Science
Rory Attwood
11/03/2025

How Adaptive Security Awareness Training Drives Better Cybersecurity Outcomes: The Science

Read More about AI-Native Cybersecurity Human Risk Management
CCPA Training: Building a Culture of Privacy and Compliance
Roberto Ishmael Pennino
10/02/2025

CCPA Training: Building a Culture of Privacy and Compliance

Read More about AI-Native Cybersecurity Human Risk Management
Data Privacy Week: How Convention 108 Paved the Way for Modern Privacy Laws
Roberto Ishmael Pennino
31/01/2025

Data Privacy Week: How Convention 108 Paved the Way for Modern Privacy Laws

Read More about AI-Native Cybersecurity Human Risk Management
TISAX Training: Strengthening Automotive Information Security and Compliance
Roberto Ishmael Pennino
27/01/2025

TISAX Training: Strengthening Automotive Information Security and Compliance

Read More about AI-Native Cybersecurity Human Risk Management
GDPR Training: Building a Culture of Compliance
Roberto Ishmael Pennino
20/01/2025

GDPR Training: Building a Culture of Compliance

Read More about AI-Native Cybersecurity Human Risk Management
What Is DORA? DORA Training for Compliance
Dr. Charlotte Jupp
20/01/2025

What Is DORA? DORA Training for Compliance

Read More about AI-Native Cybersecurity Human Risk Management
Risk Quantification for Cybersecurity Human Risk Management
Lev Lesokhin
13/12/2024

Risk Quantification for Cybersecurity Human Risk Management

Read More about AI-Native Cybersecurity Human Risk Management
Empowering Organizations with Adaptive Security Awareness Training
Roberto Ishmael Pennino
07/11/2024

Empowering Organizations with Adaptive Security Awareness Training

Read More about AI-Native Cybersecurity Human Risk Management
Cybersecurity Awareness Training for Remote Workforces
Roberto Ishmael Pennino
25/10/2024

Cybersecurity Awareness Training for Remote Workforces

Read More about AI-Native Cybersecurity Human Risk Management
Human Risk Management Gets Adaptive
Lev Lesokhin
08/10/2024

Human Risk Management Gets Adaptive

Read More about AI-Native Cybersecurity Human Risk Management
What is Cybersecurity Human Risk Management? What You Need to Know
Lev Lesokhin
23/09/2024

What is Cybersecurity Human Risk Management? What You Need to Know

Read More about AI-Native Cybersecurity Human Risk Management
Engagement Strategies for Cybersecurity Human Risk Management
Lev Lesokhin
16/08/2024

Engagement Strategies for Cybersecurity Human Risk Management

Read More about AI-Native Cybersecurity Human Risk Management
Enhance Your Phishing Training With Outthink
Lavinia Manocha
02/08/2024

Enhance Your Phishing Training With Outthink

Read More about AI-Native Cybersecurity Human Risk Management
Adaptive Security Awareness Training for Frontline Workers
Lavinia Manocha
26/07/2024

Adaptive Security Awareness Training for Frontline Workers

Read More about AI-Native Cybersecurity Human Risk Management
The Role of Security Awareness Training After IT Outages
Lev Lesokhin
26/07/2024

The Role of Security Awareness Training After IT Outages

Read More about AI-Native Cybersecurity Human Risk Management
Human Risk Management's Eight Dimensions of Secure Behavior Segmentation
Lev Lesokhin
25/07/2024

Human Risk Management's Eight Dimensions of Secure Behavior Segmentation

Read More about AI-Native Cybersecurity Human Risk Management
State-Sponsored Phishing Attacks Target 40,000 Corporate Users: What This Means for Protecting Your Business
Lev Lesokhin
18/07/2024

State-Sponsored Phishing Attacks Target 40,000 Corporate Users: What This Means for Protecting Your Business

Read More about AI-Native Cybersecurity Human Risk Management
Adaptive Security Awareness Training: Unlearning and Relearning Routines
Lev Lesokhin
10/07/2024

Adaptive Security Awareness Training: Unlearning and Relearning Routines

Read More about AI-Native Cybersecurity Human Risk Management
Did You Think Your Password Was Secure? Let’s Talk Password Security
Lev Lesokhin
24/05/2024

Did You Think Your Password Was Secure? Let’s Talk Password Security

Read More about AI-Native Cybersecurity Human Risk Management
Rethinking Security Awareness: Towards a Cybersecurity Human Risk Management Framework
Lev Lesokhin
23/05/2024

Rethinking Security Awareness: Towards a Cybersecurity Human Risk Management Framework

Read More about AI-Native Cybersecurity Human Risk Management
Password Security: Why the UK is Banning Generic Passwords
Lev Lesokhin
17/05/2024

Password Security: Why the UK is Banning Generic Passwords

Read More about AI-Native Cybersecurity Human Risk Management
Instagram Security Awareness Training: A Step-by-Step Guide
Lev Lesokhin
10/05/2024

Instagram Security Awareness Training: A Step-by-Step Guide

Read More about AI-Native Cybersecurity Human Risk Management
Cybersecurity Human Risk Management Forum Kicks Off in London
Lev Lesokhin
18/04/2024

Cybersecurity Human Risk Management Forum Kicks Off in London

Read More about AI-Native Cybersecurity Human Risk Management
Gamification Can Enhance Security Awareness Training – Badges and Leaderboards Are Just the First Step
Rory Attwood
31/01/2024

Gamification Can Enhance Security Awareness Training – Badges and Leaderboards Are Just the First Step

Read More about AI-Native Cybersecurity Human Risk Management