Security awareness campaign
In 2018, we developed a security awareness campaign together with our client Lanxess, which was not only very successful within the company, but also won the Digital Leader Award in 2020.
Who is Lanxess?
With around 12,400 employees in 32 countries, the Cologne-based specialty chemicals group Lanxess is one of the leading players in the industry. In 2023, the company generated sales of 6.7 billion euros. Its core business comprises the development, production and distribution of high-tech plastics, high-performance rubbers, specialty chemicals and intermediates. Lanxess also supports its customers in the development of customized system solutions.
The building blocks
Successful security awareness campaign
The campaign approach is basically in line with HvS best practice:
- a security intranet portal as a central source of information,
- live hacking events and
- e-learning to impart knowledge,
- phishing tests as a wake-up call and
- lots of communication elements such as interviews or intranet news.
And of course a plan on how to successfully combine all these elements into a "Security Awareness Campaign"
The first step was a phishing test on all Lanxess employees worldwide. The highlight: anyone who had actually entered data on the phishing site was informed by the Lanxess CEO with a twinkle in his eye in a short video that he was not on the Lanxess intranet, but on a rather well-made phishing site, that this could also have happened to him and that Lanxess therefore offers great cyber security training courses in which one can learn to spot such attacks.
The classroom training sessions with live hacking took place in 2019 (before Corona) at the Lanxess Tower in Cologne and have been received with great enthusiasm.
Due to positive word of mouth, even waiting lists were formed because the events were overbooked despite the large space.
Global training with certification
Individualized cyber security e-learning
Since Lanxess is a global company and de facto never all employees can be trained in classroom sessions, we additionally launched the IS-FOX Cyber Security E-Learning in six languages, which was mandatory for all employees.
Our Express Training with Security Plus allowed each employee to choose a suitable learning path depending on their individual prior knowledge.
The recipe for success
Team play and positive energy
What made this security awareness campaign so successful? The campaign approach as such is not bursting with innovative elements. We have been running similar campaigns for many years for many customers. So what was special about Lanxess?
One, if not "the" key success factor of the campaign was the cross-functional collaboration:
- A security team that had the "courage to campaign" and was able to inspire other areas with the topic of security awareness.
- A communications team that opened internal channels for us and communicated our messages.
- An Executive Board member who did the phishing resolution video, showing how important the topic is for him and Lanxess.
- A works council that supported cyber security training as mandatory training.
- Managers who actively encouraged their employees to attend our Cyber Security classroom training.
- And, of course, an external consultant who knows how security awareness works ;-)
This combination made it possible for security awareness to be perceived not as an " initiative from the security department," but as a positive part of the corporate culture. And that really is an award-worthy result.
More security, great feedback and a Digital Leader Award
That's probably what IDG thought when they honored Lanxess with the Digital Leader Award for Cyber Security in 2020.
Florian Jörgens, CISO at Lanxess, proudly received the award for the best security awareness campaign in September 2020.
And we feel just as proud!
More know-how on security awareness