Video. Audio. Powerpoint. Escape game. Article. Chat format. There are so many communication formats that it’s difficult to know which one is best to effectively train your teams.

And yet, this difference is fundamental to run a successful cybersecurity awareness program. People have a limited attention span and, if the goal is to transform your teams into an active element of your cyber defense strategy, it’s important to maximize the attention and memorization they dedicate to this topic.

Which format works best? This is something we asked ourselves at Mantra when we chose to build a cybersecurity awareness tool.

It seemed to us that there were 3 main questions:

  1. Which format do users prefer? It’s hard to ignore your users’ preferences when creating courses, they have to enjoy the format…
  2. Which format is the most flexible and easy to adapt? Cybersecurity is a constantly evolving field and each company has its own specific needs, so it’s important for a tool to be adaptable
  3. What works best from a memorization perspective?  After all, the goal is for your users to remember the cybersecurity content you send them

Here’s our thought process:

1. Which format do users like the most?

What do users think? Which format do they like best?

Of course, videos can be a useful tool to engage your teams. One needs look no further than the world phenomenon that series like Game of Thrones or Squid Games (and the habit of binge watching) have been to realize the potential of this format.

Between 2017 and 2021, the average time spent watching Neflix for American adults increased by 50%.

But the flip side of this is that shown average content, and given the multiple alternative options available, a user will switch to something else. Compromising on video quality will lead to a drastic decrease in user engagement: there’s nothing worse for a cybersecurity awareness program than an average video that users launch while going to grab a coffee.

And let’s be honest: creating quality video content is difficult and expensive. In Hollywood for example, the race to produce blockbuster films and captivate audiences has led to production budgets doubling between 2013 and 2019.

If video is nothing new, other tools have increased in popularity these past years: Whatsapp, Facebook Messenger, Teams, Slack…

People are now used to chatting via instant messaging. All customer support teams now use these functionalities (chatbot on almost every website, Delta airlines customers service via Messenger…).

People want to have conversations.

And this is relevant for awareness courses: it’s a simple, effective and stimulating format.

Video is tempting. But again, the difficulty to produce high quality content at scale is a serious obstacle. This is why it made more sense to us, at this stage, to choose a textual conversational format - with a little bit of humor - to easily engage users.

2. Which format is the most flexible and easy to adapt?

Cybersecurity is a constantly evolving field. The attack vectors used by hackers (spoofs of widely-used services, payload types, scenarios chosen) grow more diverse, protection norms (multi factor authentication) evolve and hackers structure themselves in specialized groups: Raas (Ransomware as a Service) or IAP (Initial Access Provider).

It’s therefore important to portray these changes accurately in cybersecurity awareness programs.

Moreover, each company has its own guidelines, its own vocabulary, and its own rules and procedures (for verifying invoices received for example, something that’s relevant in a supplier business email compromise attack).

To be relevant and consistent, cybersecurity awareness courses must then incorporate these elements like for example having the company’s rules on passwords, its IT contacts, or using the names of the company and its CEO.

It is therefore paramount to address two challenges: first, to keep your users aware of the latest evolutions, technics and tactics the hackers might use and second, to give each company a free hand in personalization.

However, it’s difficult to easily edit a video or to personalize it once it’s been filmed, edited and finalized. Likewise, creating a brand new one from the ground up rapidly on a given topic isn’t easy.

Conversely, using conversational formats, like a chatbot, is very flexible. It enables the administrators to easily personalize the content of pre-existing courses, to edit them to reflect the company’s specific procedures, and even to create their own courses in a few clicks and to deploy them easily.

Easily edit existing courses or create new ones from scratch

3. What works best for memorization?

The goal (and this goes without saying) are for your teams to remember the learnings of your cybersecurity awareness program.

So we asked ourselves, which format is the most memorizable? And do studies support one over another?

With this goal in mind, we found the conversational chat format to have two significant advantages over video.

  • First, the user’s disposition is going to be better before written content. The proliferation of video content, first on TV and then on social network apps (Instagram, Tik Tok) has led users to consider this format to be superficial by default.

    On the contrary, text format is considered with a different disposition: the user is more concentrated, ready to consider the text as dealing with a serious topic worthy of their focus.
  • Secondly, the conversational chat format can easily be interactive and thereby makes the learning process active, and more effective. Frequent interactions via multiple choice questions will set the learnings in the memory of the users thanks to the implication and active thinking approach they require.

The difference between text and video has been supported by several studies:

  • Studies by the University College of London’s psychology department have shown that when adults read news or fiction, they remembered more than if they have listened or if they had watched a video presenting the same content
  • A study by authors from the University of Northern Colorado and the James Madison University, eloquently titled “They hear but do not listen”, has shown that the test results of students who read the test content were better than those who had listened to it via podcast
  • A study from the University of Waterloo, Canada, has shown that passive listening (as opposed to reading) was associated with the lowest concentration and memorization performances

Conclusion

Even though video might be tempting on paper, we’ve grown so accustomed to watching high-quality content that the risk of producing content that will be perceived as “average” seemed too high to us. We thought it better to base a cybersecurity awareness program on an interactive conversational format, one that users appreciate.

This allows you to engage your users easily on a conversational mode and on a channel that they’re accustomed to using frequently. Moreover, it’s an extremely flexible format, one that allows companies to update, adapt or create cybersecurity awareness content very easily, as opposed to editing a video.

Finally, several studies have shown that from a memorization standpoint, this option seemed more suited to allow companies to easily deploy their cybersecurity awareness program.

If you want to check it out, don't hesitate to try out our various cybersecurity awareness courses by following this link