麻豆传媒映画

Cyberthreats are a daily reality, yet many business-to-business organizations unknowingly weaken their defenses with ineffective employee training programs according to researchers at 麻豆传媒映画鈥檚 (DiLab).

A study from Fowler College of Business management information professors Kaveh Abhari, Morteza Safaei Pour, and Hossein Shirazi, published in the , reveals cybersecurity readiness programs, specifically within large accounting firms, may be fundamentally flawed 鈥� particularly for non-technical employees. 

Despite cybersecurity鈥檚 strategic importance, they suggest conventional staff training often misses the mark, overloading employees with redundant, irrelevant, or impractical information.

In response, the researchers introduce a new framework designed to improve training effectiveness, which they call the LEAN Model (Localize, Empower, Activate, Normalize). 

The Problem: Mistraining and Overtraining

Many cybersecurity programs overwhelm employees with excessive or repetitive information with no practical value.

鈥淲hen training bombards employees with generic cybersecurity lessons, it dilutes their ability to respond effectively to real threats,鈥� said Abhari. 鈥淭he result? Confusion, disengagement, and ultimately, a false sense of security.鈥� 

Through surveys of non-technical employees at , the researchers uncovered alarming insights: 

• Irrelevance: Employees found training materials disconnected from their actual job functions.
• Tediousness: Many admitted to skimming or skipping content due to redundancy.
• Emotional distress: Some employees feared unintentionally triggering security breaches.
• Hesitancy: Others were reluctant to report threats, fearing potential repercussions. 

鈥淚t鈥檚 hard to take (training) seriously when it feels like 鈥楥ybersecurity 101鈥� for everyone,鈥� lamented one respondent. 

Worse, ineffective training led employees to avoid sensitive tasks, neglect critical security procedures, and even resist digital tools, compromising organizational security and productivity. 

The Solution: LEAN Cybersecurity Training

To combat these issues, the researchers propose the LEAN methodology, a streamlined, role-specific approach that empowers employees rather than overwhelming them. 

How LEAN Works: 

Localize 鈥� Tailor training to employees鈥� specific roles, ensuring relevance and engagement. 

Empower 鈥� Designate select employees as cybersecurity advocates, equipping them with the authority and knowledge to act decisively. 

Activate 鈥� Integrate cybersecurity best practices into daily workflows, fostering team-based security strategies. 

Normalize 鈥� Make cybersecurity a seamless part of routine operations, reducing friction and fear.

鈥淭he LEAN model transforms cybersecurity from a dreaded chore into a natural workplace habit,鈥� Abhari explained. 鈥淲hile it won鈥檛 turn every 鈥榳eakest link鈥� into the strongest, it builds a resilient network where each link plays a critical role.鈥� 

Beyond Research: Helping San Diego Businesses Adopt LEAN

Recognizing the urgent need for more effective cybersecurity readiness, Abhari and his team are now working directly with businesses in San Diego to implement the LEAN model. By partnering with local organizations, they are helping companies redesign their cybersecurity training programs, ensuring that employees receive targeted, job-specific instruction that strengthens overall security posture. 

鈥淭his isn鈥檛 just theory 鈥� we鈥檙e actively helping businesses put LEAN into practice,鈥� says Abhari. 鈥淥ur goal is to make cybersecurity training an asset, not an obstacle, for companies across San Diego and beyond.鈥� 

Read the full study in .