6 Reasons Experiential Learning Is the Better Approach to Security Awareness Training

Posted by Living Security Team
June 23, 2021

Share Article

Maybe you’ve heard a thing or two about experiential learning, the new teaching style where people learn through experience instead of theory alone. 

This modern educational practice is being used in schools, during onboarding, and beyond—and is gaining quite the momentum! That’s why Security Awareness Program Owners everywhere are beginning to integrate experiential learning into their cybersecurity awareness training programs.

From encouraging teams to participating in virtual escape rooms to playing hands-on cybersecurity games, big companies like Mastercard are jumping on the experiential learning bandwagon for training. 

In this article, we'll explain why program owners are adopting this new style of learning and how it’s transforming security initiatives across the country. 

Could yours be next?

1. Experiential learning boosts retention.

There’s a huge difference between hearing about or watching someone do something and actually doing it yourself. 

Just like high schoolers in woodshop use real tools to shape fantastic projects, experiential-style cybersecurity programs get employees involved in hands-on problem-solving—helping teams move beyond theory to practical use.

It’s the reason why security programs that leverage interactive games, escape rooms, and virtual reality technology are typically more successful than programs using video lessons and follow-up exams alone. 

Learning through real-life experience simply facilitates better understanding and retention. In fact, experiential learning fosters a 16x increase in retention, on average.

2. Experiential learning is more engaging.

In experiential learning, people actually experience situations first-hand. That means they’re participating in their education instead of solely listening or watching.

Instead of dozing off behind a computer screen, those in an experiential learning-based cybersecurity program actually get involved. 

Whether that means working with teammates to find a solution to containing a simulated breach or explaining why you wouldn’t trust opening an email, employees are applying security theory to a real situation and using critical thinking to problem-solve. In this way, experiential learning forces interest and engagement instead of just passive listening. 

3. Experiential learning starts a critical shift around cybersecurity training.

Many teams see cybersecurity training as a chore. It’s something employees loathe to do because their company pushes training through fear, shame, and obligation or because they don’t see the value. 

But with the right encouragement and incentive, experiential learning can be the foundation for an organizational shift in how cybersecurity responsibility is perceived across all departments. 

Instead of boring videos and checking boxes to get IT off their backs, employees may start to see the fun in training—and feel like they’re leaving with practical knowledge they would actually use in the future.

4. Experiential learning is actually FUN.

Oftentimes, experiential learning exercises are in-and-of-themselves games. They’re not like a classroom where someone sits idly or takes notes. Employees are actively involved and interacting with one another. 

In an escape room setting, for example, employees work in one team to solve an interactive puzzle—collaborating to find a solution. While in virtual reality (VR) simulations, participants are performing real tasks and interacting with cyber threats.

Whether working in teams or alone, experiential learning games are stimulating, and often get participants out from behind their desks. Even exercises you can do seated are mentally or emotionally engaging!

5. Experiential learning creates a safe learning environment.

A key principle of experiential learning is that employees are participating in simulated cybersecurity threats. While learning about real-life scenarios, teams are in no way at risk of jeopardizing your organization’s actual security posture.

Because these exercises are gamified, employees feel less pressure to perform perfectly. There is room for mistakes; in fact, mistakes help them grow. And since many experiential learning exercises involve teamwork, employees learn together. Suddenly, Jane knows Tom’s weaknesses and Jack knows Betty’s—and as a unit, they can support each other without judgment. 

6. Experiential learning gives you powerful insights into improving your security awareness program.

Instead of digging through flat test results, department heads and program owners alike can witness where certain employees are struggling—as well as where they’re excelling! This first-hand knowledge allows organizations to curate security awareness program modules around every individual or department’s specific needs. 

Say Hello to Human Risk Management 

Experiential learning can certainly transform your security awareness initiative—making it both more engaging and more effective.

But experiential learning is just one trend in the bigger picture of human risk management...

Download our ebook to discover other ways to enhance your security program: 7 Essential Trends Of Human Risk Management

Subscribe To Learn How To Prevent Cybersecurity Breaches

Additional Reading