There are both quantitative and qualitative ways to measure the impact the awareness training has on your colleagues.
Here are some of the ways to measure the effect:
- You can measure based on what percentage of the organisation is taking the training.
- Although awareness can be a hard thing to measure, you can measure whether there has been an increase in inquiries regarding security breaches since the start of the training. Just note that an increase in reports of security breaches could also mean that the training is in fact working, because employees become more attentive to whether things are done in accordance with the GDPR and safe cybersecurity practices.
- Try a phishing simulation as an add-on to the awareness training. You can test your organisation's phishing resilience with our simulated phishing attacks. Some customers like to send a phishing campaign around the start of their awareness training, and then again after a few months. This way they can get a sense of whether the awareness training has improved email security practices and phishing awareness, while also training their colleagues to spot and report real attacks. You can read more information about phishing training here.
- You can also try sending out a company-wide anonymous survey about the training. You could, e.g., ask your colleagues how they feel about the training or if they feel like they’ve become more aware of cybersecurity and personal data protection in their everyday lives.
- Another way to get a sense of whether the training is working is by looking at how your colleagues approach the IT department. For example, are they frustrated when they are prompted to create a new password, or do they understand why this is important? The same goes for regular computer updates.
Note: If your training completion percentage is higher than 80%, you are doing better than our average customer. You can find more information on measuring the effectiveness of awareness training right here.