Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process

Written by Hornetsecurity / 02.05.2023 /
Home » Blog » Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process

People learn in different ways, at different speeds, and using different methods.

The appropriate method depends on one’s own learning preferences. Some people prefer to learn by listening, others by watching a video, and others by reading. These different methods also vary depending on the subject we’re learning and the context and while some people think of themselves as visual learners, it’s been shown that we all use various methods at different times to learn. It is obvious that the different preferred methods of learning should play a major role in the design of a strong security awareness service.

The German psychologist Hermann Ebbinghaus did a study (with himself as the subject) which was published in 1885 on the retention of learning over time and various ways to improve it – the Forgetting Curve. A subsequent study was published in 2015 which largely upheld Ebbinghaus’s findings. The basic premise of the Forgetting curve is that if you learn something only once, you’ll start forgetting it quite quickly, repeat learning on the other hand helps you retain relevant knowledge, this is called Spaced Learning. You can also improve knowledge retention by ensuring that what you’re learning has meaning for you and by checking your knowledge regularly.

In view of the findings of the forgetting curve according to Dr. Ebbinghaus, we need to take both learning methods and retention into account when we plan security awareness training.

The art of a good security training program is to involve all participants, regardless of which learning method is preferred and what the individual learning speed is. This is a real challenge, to which we at Hornetsecurity dedicate ourselves with our Security Awareness Services. The knowledge that is imparted in training courses within a company can be quickly forgotten if the training isn’t adequately designed and planned.

Practice Makes Perfect

In a nutshell, the Ebbinghaus’ Forgetting Curve states that learning content must be repeated several times before it is permanently memorized. The forgetting curve itself illustrates the degree of failing to remember as a function of time. The more time passes, the more is forgotten.

After just one day, only half of what has been learned remains in the memory, and after two day s, only a third. One week after learning, on the other hand, the memory capacity has already shrunk to 23%; less than 15% of what has been learned is permanently stored.

Is learning then of any use at all? The answer is yes, if you do it right. If you learn regularly and practice or repeat what you have learned over and over again, knowledge retention is vastly improved, which is called the spacing effect. We, at Hornetsecurity, make use of this knowledge with our Security Awareness Service. The training service is structured in a sustainable way to mitigate the effect of the forgetting curve. 

One strength of our blended learning approach which keeps the learners engaged is the Employee Security Index (ESI), please download our free ESI® Benchmark Report for more information. Through this benchmark report , we can individually consider the training goals of each participant and thus create an optimal learning curve. In this way, we succeed in anchoring the important topic of security awareness in the minds of the participants.

The New normal

The days of a company’s data being stored on servers in their own datacentre, only accessible from systems under IT’s control are long gone. The Covid-19 pandemic has accelerated digital transformation in businesses everywhere, and nowhere is this more pertinent than in the work from home reality. This brings additional cyber security challenges, including making a thorough onboarding process challenging. Hornetsecurity recently conducted a survey of over 900 IT Professionals about Remote Management challenges. 80% of respondents believe that remote working introduces extra cybersecurity risks and 75% are aware that personal devices are used to access sensitive company data. Read the full report for free here.

Today’s distributed workforce also increases the need for frequent training events on security, the adoption of a learning culture in the company through an open learning environment and encouraging knowledge sharing.

Automatisms are the goal

A good Security Awareness Training program repeats the content so often that the knowledge is anchored in the long-term memory and automatisms are formed in everyday life. Automatisms means the actions are performed without conscious thought, for example, the sender of each e-mail and its attachments are carefully checked before opening.

If IT security training is only undertaken once – for example, in the form of a block training session – it is highly likely that the participants will have forgotten most of the content after just one week. In other words, if the training isn’t repeated, at the end of the day the simpler, faster, and old behaviors will reappear – and prevail.

Frequent learning should therefore be an ongoing process to combat the forgetting curve. The reason for the training must be repeated over and over again. The training must happen again and again. And the content must be presented to the participants again and again using a wide variety of media, including mobile learning. There’s an old military saying, “eternal vigilance is the price of peace”, which we can co-opt and use to emphasize the importance of complete training for all staff.

All this is taken into account in our training content, with a learning experience created for memory retention. Hornetsecurity involves the staff at every level of knowledge, making it clear why security awareness is so important and ensuring that the content learned is repeated. Best of all, it’s mostly automated, with very little administrative work from you in ensuring that all staff gets to prioritize training to reinforce learning and that they retain information permanently.

Wrap-Up

By combining well trained and suspicious users (who are less likely to fall for phishing emails and other social engineering attacks) with a strong Advanced Threat Protection solution such as Total Protection by Hornetsecurity security teams  will be well on their way to achieving complete cyber protection for their organization.

Curious to know more about our Security Awareness Services? Then contact us now to request a demo and turn your employees from a risk factor to a security asset.