In 2018, we developed a security awareness campaign together with our customer Lanxess, which was not only very successful within the company, but also won awards.
Award-winning security awareness campaign
Lanxess wins Digital Leader Award 2020 with HvS security awareness campaign
The building blocks of the security awareness campaign
The campaign approach is basically in line with HvS best practice: a security intranet portal as a central source of information, live hacking events and e-learning to impart knowledge, phishing tests as a wake-up call and lots of communication elements such as interviews or intranet news. And of course a plan on how to successfully combine all these elements into a "Security Awareness Campaign".
The first step was a phishing test on all Lanxess employees worldwide. The highlight: anyone who had actually entered data on the phishing site was informed by the Lanxess CEO with a twinkle in his eye in a short video that he was not on the Lanxess intranet, but on a rather well-made phishing site, that this could also have happened to him and that Lanxess therefore offers great cyber security training courses in which one can learn to spot such attacks.
The classroom training sessions with live hacking took place in 2019 (before Corona) at the Lanxess Tower in Cologne and have been received with great enthusiasm.
Due to positive word of mouth, even waiting lists were formed because the events were overbooked despite the large space.
Since Lanxess is a global company and de facto never all employees can be trained in classroom sessions, we additionally launched the IS-FOX Cyber Security E-Learning in six languages, which was mandatory for all employees.
Our Express Training with Security Plus allowed each employee to choose a suitable learning path depending on their individual prior knowledge.
The Security Awareness Campaign in numbers
Over 1,000 employees in live hacking classroom sessions in Cologne and Leverkusen // Over 13,000 participants in cyber security e-learning // One of the best rated e-learning at Lanxess with many 5-star ratings and comments such as "Awesome training" or "Great training! Thank you." // Hundreds of positive emails to the Security Team, ranging from "great phishing activity" to "best training since I've joined the company". // Nagging rate: less than 1%.
The recipe for success: team play and positive energy
What made this security awareness campaign so successful? The campaign approach as such is not bursting with innovative elements. We have been running similar campaigns for many years for many customers. So what was special about Lanxess?
One, if not "the" key success factor of the campaign was the cross-functional collaboration:
- A security team that had the "courage to campaign" and was able to inspire other areas with the topic of security awareness.
- A communications team that opened internal channels for us and communicated our messages.
- An Executive Board member who did the phishing resolution video, showing how important the topic is for him and Lanxess.
- A works council that supported cyber security training as mandatory training.
- Managers who actively encouraged their employees to attend our Cyber Security classroom training.
- And, of course, an external consultant who knows how security awareness works ;-)
This combination made it possible for security awareness to be perceived not as an " initiative from the security department," but as a positive part of the corporate culture. And that really is an award-worthy result.
The result: More security, great feedback and a Digital Leader Award
That's probably what IDG thought when they honored Lanxess with the Digital Leader Award for Cyber Security in 2020.
Florian Jörgens, CISO at Lanxess, proudly received the award for the best security awareness campaign in September 2020.
And we feel just as proud!
