The EU is making fundamental changes to its data protection laws: the ...
Most people think of compliance as a mindless box-ticking exercise. But reputational damage is a big and urgent issue. It’s become the major compliance risk for today’s global, highly networked companies, and there’s some serious fallout going on.
FACT: 74% of UK board members see reputational damage as the most significant consequence of an incident¹.
FACT: The average cost of a single data breach is US$4m, up 29% since 2013².
FACT: 73% of companies are concerned about poor user awareness and behaviour displayed around the mobile devices we all now use in our roles³.
Historically, compliance training has been about defence: providing accountability and mitigating liability in the event of breach. In the past few years, as global business became more digital and networked, the size and complexity of the regulatory burden has exploded.
Cripplingly costly breaches have to be headed off before they happen.
Tick-box compliance is no longer enough. Serving cold facts to passive, disengaged learners doesn’t change behaviour or cut risk.
Compliance used to be black-and-white: are we compliant or not?
This binary question was all that the technology of the time could handle. But technology has evolved, and that oversimplified approach doesn’t reflect today’s complex reality.
Nowadays, with multiple platforms and touchpoints in play, we live in a billion shades of grey. Individuals must understand their full responsibilities and be able to exercise situation-specific judgement.
Meeting exacting regulatory standards every year, without fail, is essential but expensive. Compliance training must deliver a better return on effort (ROE). It must improve performance, eliminate risk and actively contribute to wider company goals.
Many of the world’s smartest leaders are adopting a new attitude to compliance training. No longer seen as an arduous expense, mandated annual compliance learning is being embraced as a stealth behaviour-change tool that can improve your people’s skills, boost their performance, and achieve tangible organisational outcomes.
First, you have stop thinking about box-ticking and start focusing on behaviour change.
You don’t become compliant by taking a single workshop or filling in a piece of software. Having a good knowledge of regulatory standards and understanding the ‘right answers’ is important –
but it simply isn’t enough to help your people navigate the new landscape.
The thing is, in most workplaces, risky behaviour is standard.
Non-compliance is the norm, not a one-off event. That means that you need to deeply embed a different set of behaviours in your everyday workplace culture – one learner at a time.
Truly compliant-minded leaders don’t see their organisation as a machine that needs various bits of software and data to function, but as a highly complex hive made of thousands – or hundreds of thousands – of individual learners.
You need to start protecting against risk by raising your people’s awareness that the reputation of the organisation is in their hands – then empowering them to safeguard it.
Old-style tick-box compliance training cannot defend against the massive reputational damage that can spring from a single breach in our modern networked world. The cost goes way beyond simple regulatory penalties.
It’s just too big to ignore.
We plunge people into realistic situations that hone their judgement in an engaging, lasting and nuanced way.
Your people need to unlearn inappropriate behaviours and embrace new, positive ones. They need to become experts in spotting the difference between what compliant and non-compliant behaviours look and feel like.
Most importantly, they need to test their judgement in a realistic way, and experience the complex spectrum of outcomes that result from their decisions.
All in a way that sticks.
To achieve this, we use immersive narrative scenarios. They’re powered by the latest tech, and designed using immersive learning’s three core ‘A’s: