Human Firewall: How to maintain awareness in the long term
Just a normal Monday morning. Kathrin Keller, managing director of KT Mechanik AG in Schwyz, starts her day at the computer as usual. Somewhat irritated, she finds that she suddenly can no longer open her files. While she is still wondering why everything is so slow, her phone rings. Simon from production is agitated: “Kathrin, the CNC machines aren't running. We can't get to the drawings anymore!”
At that moment, a new message appears on Kathrin's computer: “Welcome to LockBit2. All your important files were stolen and encrypted! We will publish your data on this TOR website on the darknet if you do not immediately transfer the extortion sum of USD 100,000.” Kathrin suddenly realizes that her SME has been the victim of a ransomware attack.
In this article:
· How can security awareness improve protection against cyber attacks?
· Which security measures strengthen the security culture?
· How can awareness be maintained over the long term?
The consequences of a cyber attack: Effects on image, employees and liability
A company often holds more confidential information than is apparent at first glance. In an attack on KT Mechanik AG, the personal e-mail and home addresses of employees could be stolen; even the names and dates of birth of their children could be published. Customer data and trade secrets that give the company its competitive advantage, in this case proprietary CNC programs, are also popular targets for extortionists. The damage would be enormous, not only financially but also to the company's reputation, and it would have consequences under liability law.
70 - 80% of cyber attacks can be traced back to human errors
Kathrin is still stunned. Who attacks a small SME with 35 employees? All of them completed mandatory security training just a few months ago. How can that be, Kathrin asks financial manager Robert, who has just sat down at his desk. That reminds her of the e-mail Robert mentioned on Friday afternoon: an urgent request from the bank that he had to deal with immediately. Could that have been a phishing e-mail?
Around 70 to 80% of all successful cyber attacks are due to human error, often via well-disguised phishing e-mails that are barely recognized as such in the hustle and bustle of everyday work.
The security training may have taught the basics, but that knowledge fades quickly if it is not refreshed regularly. This can be expensive: financial losses, loss of customer trust and a great deal of effort to close the security gap. In addition, cyber insurance typically only pays out if the security measures that Kathrin declared in her self-assessment have actually been implemented.
For small and medium-sized companies, IT security is often an additional burden. The focus is on day-to-day business, and then there is this area as well: complicated, confusing and time-consuming. Yet cyber attacks do not only affect large companies. Phishing costs smaller companies a lot of money too, and ransomware paralyzes entire systems. Even a company that can restore its systems from backups before the money runs out still has a problem: the attackers then publish the stolen confidential data on the dark web. This causes reputational damage with possible liability consequences.
Why regular security measures are important
Kathrin still remembers the security training well, but the alertness she felt immediately afterwards has disappeared. That is why it is now one of her most important goals to regularly sensitize all employees to security risks and to how they can be recognized.
Regulatory requirements: Security awareness is recommended
The Swiss Financial Market Supervisory Authority (FINMA) requires regular IT security training from the institutions it supervises, such as banks and other financial institutions. The Payment Card Industry Data Security Standard (PCI DSS) and the international information security standard ISO/IEC 27001, as well as cyber insurers, also emphasize the importance of continuing education.
Although there are no specific legal requirements for SMEs, the federal government also recommends that they increase their IT security through regular risk assessments and by raising awareness of cyber risks. Nevertheless, many companies rely on a single annual training session, and in doing so take on considerable risk.
Why do we forget what we have learned after such a short time? What happens in our brain?
One thought will not let go of Kathrin: why did the security training not last? What happens in our brain that makes this information impossible to retrieve after just a few months? She found the following information, which helped her understand why regular training is not just a “nice to have” but a must.
The forgetting curve and how we preserve knowledge
Perhaps you are familiar with this memory gap: you are in a foreign country and are fascinated by the language because it sounds so different from your mother tongue. After visiting a museum, you talk to the curator and learn a new word, which sticks in your head for a moment after you repeat it several times. At dinner an hour later, you can barely remember it: it began with S... or was it L? Why does this happen so quickly?
The so-called forgetting curve, discovered by Hermann Ebbinghaus in self-experiments, shows how rapidly information is lost over time:

The curve in Figure 1 shows:
• After approximately 20 minutes, 40% of what was learned is already forgotten
• After one hour, only 50% is still retained
• After one day, only 30% remains
This means: everything is still in place right after a training session, but by the next day up to 70% of the details are gone. After a week, only around 10% remains; after a month, just 2 to 3%.
Knowledge therefore disappears faster than it can be consolidated.
Fundamentals, such as rules and processes, stay in memory longer, but even they are not retained completely: after one month, around 95% of them are still available.
Targeted repetition helps to store information permanently (“spaced repetition”)

The forgetting curve (Figure 2, green curve) shows how quickly knowledge is lost without repetition. This effect can be counteracted with targeted prompts (Figure 2, blue curve). These prompts do not have to be long training courses; short reminders, practical exercises or playful challenges work as well. The more often you engage with a piece of information, the better it is retained, because each new encounter strengthens the memory trace.
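To make the spaced-repetition argument concrete, here is a small simulation added by the editor; it is not code from the original article. It assumes a simple exponential forgetting model, retention = exp(-t / S), where t is the number of days since the last refresher and S is a memory "stability" value in days that grows by a fixed factor with every refresher. The starting stability, the growth factor and the 70% retention target are illustrative assumptions, not Ebbinghaus's measurements. The scheduler derives the next refresher from the model (the day on which retention would fall below the target), which is why the intervals expand geometrically, as the blue curve in Figure 2 suggests.

```python
import math

# Assumed toy parameters (not from the article): memory "stability" in days
# right after training, the factor by which each refresher multiplies it, and
# the retention level below which we do not want any employee to drop.
INITIAL_STABILITY = 2.0
GROWTH = 2.5
TARGET = 0.7


def retention(days_since_refresh, stability):
    """Forgetting curve: fraction still recalled t days after the last refresher."""
    return math.exp(-days_since_refresh / stability)


def plan_refreshers(horizon_days=365, target=TARGET,
                    initial_stability=INITIAL_STABILITY, growth=GROWTH):
    """Day numbers (training day = 0) on which to send a refresher so that the
    modelled retention never falls below `target` on any day of the horizon.
    Solving exp(-t/S) = target for t gives the interval S * ln(1/target);
    each refresher multiplies S by `growth`, so the intervals expand."""
    schedule = []
    stability = initial_stability
    day = 0
    while True:
        interval = stability * math.log(1.0 / target)
        # Round up to whole days: the refresher is never sent early, and the
        # day before it still lies inside the interval, i.e. above target.
        day = math.ceil(day + interval)
        if day > horizon_days:
            return schedule
        schedule.append(day)
        stability *= growth


def simulate(horizon_days, refresh_days,
             initial_stability=INITIAL_STABILITY, growth=GROWTH):
    """Modelled retention on each day 0..horizon_days given refresher days."""
    refresh = set(refresh_days)
    stability, last = initial_stability, 0
    curve = []
    for day in range(horizon_days + 1):
        if day in refresh:
            stability *= growth   # each encounter strengthens the memory
            last = day
        curve.append(retention(day - last, stability))
    return curve


def compare(horizon_days=365):
    """One annual training versus spaced refreshers over the same horizon."""
    annual = simulate(horizon_days, [])
    spaced_days = plan_refreshers(horizon_days)
    spaced = simulate(horizon_days, spaced_days)
    return {
        "refreshers": spaced_days,
        "annual_day_30": annual[30],
        "annual_min": min(annual),
        "spaced_day_30": spaced[30],
        "spaced_min": min(spaced),
    }


if __name__ == "__main__":
    r = compare()
    print(f"refresher days after training: {r['refreshers']}")
    print(f"annual training only: day 30 = {r['annual_day_30']:.1%}, "
          f"worst day = {r['annual_min']:.1%}")
    print(f"spaced refreshers:    day 30 = {r['spaced_day_30']:.1%}, "
          f"worst day = {r['spaced_min']:.1%}")
```

With the assumed parameters the planner schedules seven touchpoints in the first year (days 1, 3, 8, 20, 48, 118 and 293), and modelled retention stays above 70% throughout, whereas with a single annual session it is practically zero after a month. The absolute numbers depend entirely on the toy model; the point is the shape: short, frequent prompts right after training, then ever longer gaps.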
Other factors also influence learning success: well-trained knowledge also withstands everyday stress
Anyone whose knowledge is well trained, or who considers the learning content particularly important, remembers it for longer. Anyone under stress or time pressure in everyday business loses knowledge more quickly. The same applies when colleagues change frequently or the security culture is weak.
Cyber threats are constantly changing
While preparing for cyber risks and talking to her consultant, Kathrin realized that, in addition to ransomware, there are many other risks a company should consider when planning its security measures.
In addition, attacks are constantly evolving.
Current threats range from AI-powered attacks to targeted attacks on supply chains. Strategies should be reviewed regularly to keep protective measures up to date.
A strong security culture as a human firewall
Kathrin has learned a lot in recent months. The ransomware attack made it painfully clear to her how quickly the machines of the SME she had built up over many years can come to a standstill: from one day to the next, and all because of a single phishing e-mail.
The psychology behind the forgetting curve shows that a large part of what has been learned is lost again within a very short time if it is not promptly refreshed and consolidated. On top of that, threats are constantly changing.
In summary, security requires constant attention.
Our experience with over 140 satisfied customers shows us time and again how important an active security culture is. Companies that live cybersecurity as a culture are more resilient to attacks. A strong security culture acts like a human firewall.
We have seen that the decisive success factor lies not in individual training courses, but in continuous, well-integrated security measures.