October 21, 2025
By Scott Radcliffe
There has never been a more challenging time to be a user on a corporate network. Ransomware and extortion gangs are now billion-dollar businesses built in part by targeting individuals—sometimes even highly privileged users—to steal corporate data. Now, with a big assist from AI, barriers to entry have flattened and cybercriminals have gotten even better at targeting and tricking people into giving them sensitive data.
Why cybersecurity employee awareness matters
It can be easy for organizations to feel like the answer is bigger, better and more agile technical defensive solutions. While those are essential and have adapted at a staggering rate, they are not enough due in part to the defender’s use of AI. Almost as important is recognizing that technical solutions alone are insufficient. Engaging corporate users (employees) more effectively may require not just new tools, but a change in outlook as well as approach.
As attackers seek more effective and creative ways to bypass technical defenses, often by tricking users, we need to update our approach to helping organizations fight back.
Limitations of periodic cybersecurity trainings
Study after study shows pretty clearly that the old approach to employee cybersecurity education and training just isn’t working. Worse, a healthy dose of fatalism can creep into the mindset of security teams. This thinking resigns them to the notion that user mistakes are generally unavoidable. Collectively throwing up our hands and giving up isn’t an option. It’s time to think more creatively about employee cybersecurity education and training. While the substance of training is important, organizations often focus so much on what information needs to be shared that they neglect to consider how to effectively engage their intended audience.
Making users click through a cybersecurity awareness training session once a year, then testing them at the end or with simulated phishing exercises, isn’t good enough. We should view cybersecurity training and education for employees not as a singular task, but as a communications campaign that requires design and delivery to maximize stakeholder retention of its key messages. That means more frequent, concise and engaging initiatives, rooted in insights specific to your organization, tailored to unique audiences and delivered across multiple platforms.
Empowering employees for better cybersecurity outcomes
Designing your security with the understanding that compromised user accounts are frequently the way threat actors breach corporate environments isn’t the same as treating user security risk like it’s a hopeless problem. This issue is too important, especially now, to view any other way. It’s a collective responsibility, one that leverages the skills and expertise from across the organization to help mitigate a core source of organizational risk.
Bottom line: Humans aren’t perfect, and they’ll continue to make mistakes. Bad actors will continue to be creative, whether by tricking a platform provider’s helpdesk into giving them access to customer data, by offering corporate users a cut of any ransom extorted from the user’s employer, or in any number of other ways.
It’s time to find better ways to arm users with the knowledge they’ll need to fight back.
Opportunities exist to help organizations plan and execute a strategic approach to cybersecurity education so that employees can not only access but also retain the right information.
Scott Radcliffe is FleishmanHillard’s global director of cybersecurity, leading the firm’s Cybersecurity Center of Excellence and advising clients on rising cyber risks. He recently rejoined FH from Apple, where he led cybersecurity communications and previously served as the agency’s senior global data privacy and security expert.