How Storytelling Makes Cybersecurity Culture Stick

16 Oct 2016 | Michael Waksman

Your office walls may be full of best practices – "Keep your data protected in 5 easy steps" - and rules – "Before leaving the office: 1. Clean your internet history, 2.…" – yet many companies still fall victim to cyber attacks, while unencrypted laptops and memory sticks are getting lost all the time.

If best practices and rules are letting you down… don’t panic! The right solution might be easier than you think.

The Power of Storytelling

Do you recall learning about not taking candies from strangers? I’m sure it wasn’t just because your parents told you not to. More likely, and how I remember, this lesson came from hearing the tale of Snow White. That evil witch still haunts me today!

By nature, our brains are far more engaged by storytelling than by plain facts, which only affect the language parts of our brains. Reading a story, however, involves more of your senses, as well as the language part. Other parts of the brain become activated as if we were actually experiencing the story. Simply put, stories stick better than rules.

3 Tips for Creating a Cybersecurity Story That Sticks

When hearing topics about cybersecurity, people tend to tune out – they may think cybersecurity is too boring, too complicated or just not for them. And so cybersecurity and storytelling are a perfect match.

The objective of storytelling is to turn an otherwise complex idea into something easy and approachable, while also creating an emotional bond to be captured and retained by our brains.

But, how do we make “boring” data become powerful and engaging stories? In other words, how do we make cybersecurity stick? Here are 3 tips:

#1 - Make it real
Cyber is often misperceived as not real. It’s just so intangible – right, it’s virtual! So let’s make cybersecurity more “real” by comparing it to common everyday activities. Think about it… we can better relate to encryption when it’s explained in terms of locking your doors or keeping your valuables in a safe. For example, see how we compare cyber hygiene to more familiar dental hygiene.

#2 - Discover the child in us
You’ve heard it many times before – we all have that inner child. So, let’s bring it out! Take a well-known fable and make it yours. Read how Ali Baba replaced “Open Sesame” with a stronger and more memorable password. Or imagine your own characters and stories … malicious viruses are spreading and threatening to conquer our planet. Tell your kids why they should become the next Cyber Avenger!

#3 - Leave them laughing or crying
As we know, stories touch many parts of our brain – making us laugh or cry. Transforming plain facts and dull technical details into humanized experiences will help you create emotions and establish a bond between you and the audience. Computer processes, software programs and best practices can be explained in terms of natural behaviors, daily tasks and even babies and cat videos! Have you realized that encryption can be as easy as smiling

Don’t Forget the Bad Guy

Before telling your creative new story, there’s just one last question: Did I include a villain?

Villains are an essential part of any good story. The reason is really simple: they help people understand threats. Not knowing or understanding threats reduces the importance of our actions, as well as decreases our ability to see, respond and protect from menacing attacks.

And that’s why best practices and rules are often not enough on their own. In order to achieve and spread a culture of cybersecurity, key rules, best practices and stories must all complement each other.

Beyond that, surely nothing beats practical hands-on experience. But that’s another story – and another blog.

This post originally appeared as part of a guest blog on, the website of the National Cyber Security Alliance, and is republished here with permission of NCSA.

Michael Waksman Jetico CEO bio image
Michael Waksman

Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling the size of the company during his tenure. He brings more than 20 years of communications, technology and leadership experience.

At Jetico, Waksman has lead creation of the corporate identity, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. Jetico has maintained a wide user base throughout the U.S. Defense community, in the global compliance market and for personal privacy.

Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As dual citizen, he is a native New Yorker and has been living in the Helsinki region for over 15 years.

View all blog posts

Thank you for contacting Jetico!
We will respond to you as soon as possible.

Send us a message - we'll reply within 24 business hours.

Need help now? Call
US: 202 742 2901 EU: +358 9 2517 3030