FREE GRC Workshop

LEARN MORE

Recommended Event: Convene: Boston | Cybersecurity & Human Risk Conference Aug 13 - 14, 2026

Securing Trust and ensuring resilience this Cyber Awareness Month

Solution Category GRC
Type Webinar
Organization Hoxhunt
Event Format Company Webinar

Webinar Description

Key Takeaways

  • Practical strategies for transforming Cyber Awareness Month into sustained year-round security engagement
  • Gamification techniques including leaderboards, rewards systems and employee-driven activities to boost participation
  • Shift from traditional click-rate metrics toward resilience-based measurement frameworks
  • Real-world examples from Docusign’s award-winning security awareness programme
  • Approaches for extending threat intelligence and trust initiatives beyond employees to customers

Introduction

Security awareness programmes face a persistent challenge: generating genuine employee engagement rather than passive compliance. Many organisations invest heavily in October’s Cyber Awareness Month activities only to see momentum dissipate within weeks. This webinar, hosted by Hoxhunt and featuring Docusign’s Senior Security Awareness and Training Manager Missy Bentzen, addresses how security leaders can design campaigns that sustain behavioural change throughout the year while measuring outcomes that matter to executive stakeholders.

The session targets security awareness leaders, human risk management teams, CISOs and incident response professionals seeking to move beyond checkbox training toward programmes that demonstrably reduce organisational risk from phishing and social engineering attacks.

About This Event

Titled “Docusign: Securing Trust and Ensuring Resilience this Cyber Awareness Month,” this virtual webinar draws on Docusign’s experience building an award-winning security awareness programme. Missy Bentzen shares practical strategies developed through real-world implementation, offering attendees actionable frameworks rather than theoretical concepts. The session combines executive-level insights with tactical guidance suitable for practitioners responsible for day-to-day programme delivery.

Hoxhunt hosts the event, bringing its expertise in gamification-based security awareness training to the discussion. The webinar format allows for focused exploration of specific techniques while maintaining accessibility for geographically distributed security teams.

Gamification as a Driver of Security Behaviour Change

Central to the discussion is the application of gamification principles to security awareness training. Traditional approaches often struggle to compete for employee attention against daily operational demands. Gamification addresses this by introducing elements that create intrinsic motivation: leaderboards that foster friendly competition between teams, reward systems that recognise positive security behaviours, and streak mechanics that encourage consistent engagement over time.

The webinar explores specific employee-driven activities that Docusign has implemented successfully. Programmes such as Craft-a-Phish, where employees design simulated phishing attempts, and Phish-a-Friend, which extends awareness through peer interaction, transform staff from passive training recipients into active participants in the security programme. These approaches leverage creativity and social dynamics to embed security thinking into workplace culture.

Such techniques prove particularly valuable when addressing the full spectrum of social engineering threats. While email phishing remains prevalent, organisations increasingly face smishing attacks via text message, vishing through voice calls, and QR-code based attack scenarios. Gamified training can simulate these varied threat vectors, building employee recognition capabilities across multiple channels.

Rethinking Security Awareness Metrics

A significant portion of the session addresses measurement frameworks for security awareness programmes. Many organisations continue to rely heavily on click rates from simulated phishing campaigns as their primary success metric. While click rates provide some indication of susceptibility, they offer an incomplete picture of organisational security posture and can create perverse incentives that undermine programme goals.

The webinar advocates for resilience rate as a more meaningful key performance indicator. Resilience rate measures not just whether employees avoid clicking malicious links, but whether they actively report suspicious communications to security teams. This distinction matters considerably: an employee who ignores a phishing email without reporting it provides no intelligence value, while one who reports it enables the security team to identify campaigns targeting the organisation and protect other potential victims.

This shift in measurement philosophy connects directly to incident response and threat intelligence functions. When employees consistently report suspicious activity, security teams gain visibility into attack patterns, can respond more rapidly to genuine threats, and build institutional knowledge about adversary tactics. The reporting pipeline becomes a sensor network distributed across the entire workforce.

Building the Business Case for Security Awareness Investment

Security awareness leaders frequently struggle to communicate programme value to executive leadership in terms that resonate with business priorities. Click rates and training completion percentages often fail to convey meaningful risk reduction. The webinar addresses how to construct reporting frameworks that demonstrate tangible organisational benefit.

Connecting security awareness outcomes to broader business objectives strengthens the case for continued investment. When employee reporting contributes to fraud prevention and customer protection, the programme’s value extends beyond internal risk management. Docusign’s approach explicitly links employee security behaviours to customer trust, recognising that organisational security posture directly affects the confidence customers place in the company’s services.

This customer-facing dimension proves particularly relevant for organisations handling sensitive transactions or data. Security incidents that compromise customer information carry reputational and regulatory consequences that far exceed the immediate technical remediation costs. Demonstrating how security awareness programmes contribute to customer protection provides leadership with metrics they can contextualise within broader business risk frameworks.

Extending Security Culture Beyond the Workforce

An emerging theme in security awareness practice involves extending threat intelligence and protective measures to customers. Organisations with mature security programmes increasingly recognise that their threat visibility can benefit external stakeholders. When security teams identify phishing campaigns impersonating their brand, sharing that intelligence with customers helps protect the broader ecosystem.

This approach requires careful consideration of communication channels and messaging. Customers need actionable guidance without technical jargon, delivered through channels they already use and trust. The webinar explores how Docusign approaches this challenge, balancing the need to inform customers about threats with the imperative to maintain confidence in the organisation’s security capabilities.

Who Should Attend

The webinar offers particular value for several professional groups. Security awareness leaders responsible for programme design and delivery will find practical techniques applicable to their own organisations. Human risk management teams seeking to quantify and reduce people-related security risks will benefit from the measurement frameworks discussed.

CISOs and security leaders evaluating their awareness programme investments will gain perspective on what distinguishes effective programmes from compliance-focused exercises. Security communications teams tasked with engaging employees on security topics will discover approaches that generate genuine participation rather than reluctant completion.

Incident response and threat intelligence teams may find value in understanding how employee reporting pipelines can enhance their detection capabilities. Finally, any organisation planning Cyber Awareness Month activities will benefit from strategies that extend campaign impact beyond the traditional October timeframe.

The Evolving Landscape of Human Risk Management

The webinar arrives at a moment when human risk management is maturing as a discipline within cybersecurity. Organisations increasingly recognise that technical controls alone cannot address threats that specifically target human decision-making. Phishing and social engineering attacks continue to succeed not because of technological failures but because they exploit psychological vulnerabilities that exist regardless of security infrastructure.

This recognition has driven investment in security awareness programmes, but many organisations find their initiatives plateau after initial implementation. The techniques discussed in this session address that plateau by introducing engagement mechanisms that sustain interest and measurement approaches that demonstrate ongoing value. For security leaders seeking to advance their programmes beyond basic compliance training, the practical examples from Docusign’s experience offer a roadmap for meaningful improvement.