Leadership needs to make retention, not just engagement, the ultimate measure of success. Credit: Thinkstock In case you haven’t noticed, public airline safety announcements (PASAs) just got more interesting. People genuinely enjoy these formerly tedious messages.Wouldn’t it be nice to see everyone in an organization engaged in the same way when immersed in complex cybersecurity awareness and policy? Perhaps we can learn something from the airlines to enhance this type of engagement.The good news is that we can. Unfortunately, the lessons the PASA teach are a bit different than you might imagine. Let me explain.I’ve studied the effectiveness of the PASA in depth, and one of my takeaways is that the communication of important messages starts as a leadership issue, not a creative one. For example, as the entertainment levels of the PASA increase, retention is still below the 50 percent level, and that level drops significantly beyond two hours. Why? The naked truth about too much infoThe Federal Aviation Administration provides a mandate for what must be covered during the PASA. The airline complies. Yet nowhere is it required that passengers retain the message. There’s no test to see what people actually remember. Thus, engagement becomes the measure of success, not what is actually learned. The result: poorer decision-making when it’s needed most. Just look at the passengers standing on the wing of the plane that landed in the Hudson River; only a few were wearing life vests.The PASA is (and always will be) an impossible laundry list of thirteen checkoff points, regardless of how they are delivered: in song, via cartoons, or by deliveries from naked airline attendants (yes, Air New Zealand did that). There are just too many points of information given in a short two-minute frame. Cybersecurity awareness is vastly more complex than a PASA. Yet the same logic in communicating key points is often followed—that is, half-day or full-day sessions bombarding the non-tech executive with too many data points to be truly assimilated, just like the information in the PASA.Challenging leaders to think differentlyGenerating cyber awareness is a big business and there are many new innovative training programs that deserve both attention and praise. But it’s not enough if the leaders of these organizations are not fully immersed in the process. For example, surprising results are achieved when you challenge executives to think differently about retention versus mere engagement.Workshop experiments on using leadership skills to change the PASA experience have led to thought-provoking concepts. Examples include family days at the airport where kids learn the PASA in a fun environment early in life; watching an actual airline accident that wakes you up to the reality of accidents while flying; or using touch screens to answer PASA questions before being allowed to watch in-flight movies.The positive results of turning a boring message into an experience that engages and drives retention suggest a similar path for pioneering ideas enhancing cybersecurity awareness and internalizing proper cyber behaviors.Here are a few examples. Confront the enemyGet to meet hackers (role-playing actors) with the intent to harm your business. After all, confronting the enemy face to face isn’t easily forgotten and leaves you with a memorable message regarding the seriousness of the issue.Imagination sessionsThe malicious actors spend a lot of time coming up with creative ways to hack your business, from replacing your business overnight to holding your data ransom. But looking forward to what will happen rather than in the rearview mirror as to what did happen will allow an organization to anticipate the knockout punch it wouldn’t have seen coming.Behave like the enemyYou can’t defeat the enemy if you can’t think like them or act like them. This experience encourages your participants to act like the adversary by encouraging them to cheat on a test and then assessing their creativity. This will raise their radar regarding how hackers enter your organization’s systems.Within the course of the examples above, the C-suite leaders and their teams expand and retain their knowledge base in order to make smarter security decisions and adapt smarter behaviors. Of course, as a leader you must be willing to invest not just the money and the time to go beyond traditional teaching methods, but your time as well. Otherwise, your organization’s cybersecurity efforts will never truly get off the ground. Related content opinion Communicate or die: Tech leaders who bring information security to life 3 engaging technology leaders, what makes them effective communicators and their tips for effective AI/cyber communication. By Andy Cohen Oct 09, 2018 4 mins Technology Industry Data and Information Security Artificial Intelligence opinion Cybersecurity decisions that can’t be automated Encourage those inside and outside your team to identify and challenge daily assumptions in order to adapt to change, think differently and make smarter, faster security related decisions. By Andy Cohen Sep 17, 2018 4 mins Technology Industry Data and Information Security Network Security opinion How to turn cyber babble into a language we all speak In today’s digital age, assuming everyone speaks the same language will leave everyone frustrated and babbling, including you. By Andy Cohen May 23, 2018 4 mins IT Leadership opinion The database of dangerous assumptions A powerful line of defense in protecting vulnerable assets and stopping malicious attacks. By Andy Cohen Apr 09, 2018 3 mins Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe