Arrow back

Why positive reinforcement is the key to reducing your risk of breach

27 January, 2022

When it comes to data breaches, the fact of the matter is that it’s a matter of ‘when’, not ‘if’ it happens to your organisation. According to Hiscox, every 19 seconds a business in the UK is hacked, highlighting the seriousness of the threat posed by breaches.

Whilst there are steps you can take to reduce your risk of a breach, like cybersecurity awareness training for your team, the fact remains that no business is immune to human error.

That’s why, when this type of breach occurs, it’s vital that you understand not only how to react, but the steps you can take to further reduce your risk and maintain a positive culture around cybersecurity.

Oftentimes, businesses will react to breaches by investigating and tracing the faults their employees have made that compromised security. It is not uncommon for employees to receive punishment for their actions, even though they may be completely unaware that they have put the business at risk. Punishments can vary from a meeting with a manager to discuss the incident, to receiving a formal warning or even dismissal.

However, this type of reaction is not only ineffective at preventing future incidents, it can be actively harmful to the cyber health of your organisation.

The most effective way to combat future cyberattacks? Utilise positive reinforcement to educate every employee in your team. Don’t believe us? Join us as we share everything you need to know about positive reinforcement.

What is the positive reinforcement theory?

The positive reinforcement theory was introduced by psychologist B.F. Skinner in 1938, involving the use of a reinforcing stimulus following a behaviour, in order to increase the likelihood of that behaviour happening again.

It’s an inherently intuitive theory, one that suggests praising positive behaviours helps to lock them in as standard behaviours in the future.

However, the theory also suggests that taking a non-punitive approach to mistakes is the most effective way of reducing them - especially in cases when correcting a simple mistake, rather than intentionally harmful actions.

How can the positive reinforcement theory be used to prevent cyberattacks?

At the core of your cybersecurity protections should always be your staff. They’re the most important defence your organisation has, and so it’s imperative that you create a culture where making mistakes isn’t the end of the world.

Fear of repercussions is the leading reason why teams don’t report breaches or suspicious activity. When breaches don’t get reported, they don’t get spotted until it’s too late and the opportunity to correct mistakes passes by.

A positive reinforcement culture within a business means that when a mistake inevitably does occur, that person feels empowered to come forward and discuss it. The case can be shared with the team and even turned into a positive learning experience for everyone. After all, the best lessons are the ones we learn from real life.

How does Bob’s Business incorporate positive reinforcement?

Positive reinforcement is key to Bob’s Business’ training methods. Don’t believe us? Look no further than Bob’s Phishing.

As part of our phishing simulations (included in Bob’s Culture and Bob’s Phishing) employees are sent simulated phishing emails. For those that click the link, they are redirected to one of our Think Before You Click courses. With the only repercussion for their mistake being positive, engaging training, this helps remove the fear and stigma associated with phishing attacks and effectively reduces their risk of clicking in the future.

Our award-winning phishing simulations are a highly effective way to introduce all of the different types of phishing scams that are being used, in order to educate employees on what to look out for. By regularly completing these phishing simulations, your employees think about the legitimacy of the emails they receive and understand what actions they need to take to protect your business.

Ready to learn more? Find out more about how our phishing simulations can reduce your risk of breaches.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance