Security Awareness Training Data Is Great…But Wisdom Is Better

Share with your network!


The amount of data tracked throughout every aspect of our lives is ever increasing, as are the opportunities to track even more data.  Whether as a customer, a contributor for your organization, an investor, or even a parent, there is an enormous framework to grow our knowledge and understand the impacts we impose on others and experience ourselves.  However, in cybersecurity awareness training (as in life) data alone is not the rationale that drives decisions, defines success or failure, interprets risk, and so forth.

The Data-Information-Knowledge-Wisdom (DIKW) hierarchy is not a new idea, but its relevance expands as our exposure to technology grows in breadth and depth. Many of you have likely seen a form of the DIKW pyramid (like the one pictured above), as it’s often used to explain the importance of meaningful data manipulation: Organized in meaningful ways, data becomes information. This information is used to educate stakeholders to become knowledgeable on a subject, which in turn leads to wisdom that supports the understanding of an environment and, ultimately, informed and intelligent decision-making.

In business environments, leaders often rely on their experience, business savvy, and gut instinct in lieu of complete information. But while intuition will always play a role in decision-making, business leaders should tap into the data that’s at their disposal, as it can help to reduce risk to customers, coworkers, and communities at large. Though there is an emphasis on data gathering, there is less emphasis on data transformation, which is leading to more “guesswork” than is necessary.

On the other hand, there is perhaps too much emphasis on gathering data for data’s sake without a recognition that not all metrics tell a valuable story. That’s why, within our Security Education Platform, we continually strive to give our customers access to actionable data and business intelligence tools that allow them to combine and organize that data in meaningful ways.


Reporting Tools That Help You Tell – and Shape – Your Organization’s Story

End-user understanding and performance specific to your organization will not be found within a preexisting report. 

It is necessary to assess the knowledge of end users, and how they will behave when they are exposed to potentially threatening scenarios. It is necessary to address end-user deficiencies.  And it is necessary to continuously evaluate progress to increase awareness and preparedness over time — for them and for you.

When considering how you will help prepare your end users to protect the integrity of your organization’s data, networks, and systems, be sure the evaluation of your approach includes a comprehensive look into reporting. If you want to measure ROI…compare results over time…course-correct based on progress…share reports with other stakeholders…and use your data in other meaningful ways, you have to ensure the tools you use gather meaningful data and allow you to organize it in ways that help you learn more about your organization’s risk and apply what you learn to mitigate that risk.


We recommend being able to fulfill the following knowledge capabilities (at minimum). The information fields we note alongside those capabilities are the types of business intelligence features you should seek from your security awareness and training tools:

Knowledge Capabilities Information Fields
The ability to report on user training to understand what users know and need more help learning Training assigned to individual users

Users who completed or didn’t complete individual assignment

Whether individual users pass/fail specific trainings
The ability to report on user performance when faced with potential cyberattacks so you can understand risk and areas for improvement The types of simulated attacks (phishing/smishing/USB) sent to individual users

Users who interact with phishing tests:

  • Open rates
  • Click rates on links
  • Attachment downloads
  • Data entry submissions

Users who interact with an SMS/text phishing test

IP addresses of devices that a test USB drive was plugged into

Correlation of user performance to training

The ability to report on aggregated data to evaluate effectiveness of training for the population, company-wide preparedness to understand risk, and justifying current and future investments Comparison views of assessment campaigns, including click rates over time

Insights into “repeat offenders” (i.e., those who interact with multiple phishing tests)

Identification of questions that were most likely to be answered incorrectly in training assignments, and topics that users struggle with the most

Top individual performers and/or best performing departments