Within global management consulting firm Accenture’s information security, or IS, corporate function, a behavior change team is in charge of increasing IS awareness and nurturing secure behaviors across the company. That’s where learning comes in. Through its IS Advocate program the behavior change team meets its objectives through employee completion of custom immersive learning activities.
Steve Zutovsky, managing director of internal IS at Accenture, said the training programs use the latest in learning technology, such as gamified environments and role-specific elements. “These features increase our learners’ willingness to participate because they feel the activities are fun and entertainment more so than learning,” he said. “I’m always intrigued by what the team is going to come up with next so that things don’t get stale.”
Zutovsky said the cybersecurity training program has three tiers: bronze, silver and gold. The tiers are released in bite-sized components over the course of the year and involve competition among employees who want to receive virtual badges. “By creating these different levels and competition, it allows us to stay engaged with our population and it gives us an excuse to reach out and touch them,” Zutovsky said.
They now have a personalized mailing list of about 375,000 people out of the 475,000 Accenture employees who have taken part in the cybersecurity trainings. “We can reach out to them directly every time there is new content available,” he said. “It allows us to maintain an ongoing relationship over the course of the year and keep the topic front and center.” He added that if there is a new security threat, they can respond directly and quickly.
Zutovsky said they use several strategies to ensure learners get the IS education they need. Those strategies include bite-sized continuous learning, immediate targeted feedback, embedding the IS Advocate program dashboard into Accenture’s internal website, gamified and role-based learning, real-time collaboration and leaderboards, use of Accenture’s multiple digital channels, the “anytime, anywhere” approach and leadership sponsorship.
The behavior change team also works closely with Accenture’s cyber-intelligence research teams to understand and incorporate the latest threats to make sure the learning activities keep them ahead of the cyberthreat curve. Since the team was formed about three years ago, the IS Advocate program has grown, with more than 85 percent of Accenture employees becoming IS advocates in the past year.
Zutovsky said the cyber-intelligence research teams play big roles in driving the pipeline of learning assets and activities. “We work with these teams to identify trending and emerging threats to decide what behaviors to focus on and what assets we develop,” he said. “We then work with our creative agencies to make sure we are using the most ‘real’ and immersive techniques to simulate scenarios and environments that reflect the way our people work, live and learn.”
Zutovsky said the program aligns with Accenture’s overall business strategy and objectives, which means getting buy-in from senior leaders is easy. First, the program drives employee adoption of smart cybersecurity behavior across the company and with clients. Second, it brings a new digital learning journey to employees — designing and delivering compelling and cutting-edge learning activities. And last, it fosters a culture of employee-motivated continuous learning that applies to Accenture’s “culture of cultures.”
The support helps model the desired behavior and ensure accountability, Zutovsky said. “We regularly brief our senior management, all the way up to the board of directors, on our progress according to some key dimensions,” he said. “We rely on our learning team to help us keep that progress.”
Cybersecurity is top of mind for senior leadership, according to Zutovsky. In fact, Accenture’s COO sets the target for business units around what they need to achieve in terms of IS training. “You can’t get much more support than that when you effectively have our No. 2 guy in Accenture telling all of our geographies that he has a certain expectation of the number of people to take this voluntary training,” Zutovsky said. “It’s clear to the people who are expected to complete this training that it is part of their leadership’s agenda.”
Zutovsky said the team is constantly encouraged by the program’s success and positive feedback. “One of the things that we’re proud of from our learning organization is that they are always looking for new tools and mechanisms to deliver what can be fairly dry training,” he said. “We frequently get positive feedback around the quality and the level of engagement that our training provides — that it’s not the standard typical dry corporate training, but that it’s appealing and interactive and engaging.”
Zutovky added that the learning programs are data driven; they use data to identify the biggest areas of need, which then defines the path forward and the areas of priority. “We’re rigorous about trying to measure the impact of the training we’re providing to make sure it is effective,” he said.
“In all our key dimensions, we’re continually improving scores around the things we measure that shows that it’s effective.”
So far, results show that through the learning activities, employees are 50 percent less likely to experience a security-related incident compared to employees who do not complete any learning activities. Zutovsky said the trained employees also have significantly better scores in the biannual global behavior survey that helps assess people’s practices of social engineering, handling of sensitive information and reporting incidents.
Accenture’s Information Security Advocate program uses gamification and incentives to encourage core curriculum completion. Participation in this voluntary program exceeded 85 percent with more than 360,000 employees becoming Information Security Advocates enterprisewide.
Company size: 459,000