What Happens When Users Keep Failing? And Should We Punish Them?

What Happens When Users Keep Failing? And Should We Punish Them?

From All Things Human Risk Management by Hoxhunt

June 29, 2025 · 50 min · Episode 3

About this episode

The episode discusses whether punishing employees for security mistakes is effective or if there are better alternatives.

Episode #3 Should We Punish Employees for Security Mistakes? Eliot is joined by Noora Ahmed-Moshe VP of Strategy & Operations, Hoxhunt) for a discussion on one of cybersecurity’s most divisive questions: should repeat offenders in training programs be punished... or is there a better way? Leveraging on behavioral science, real-world case studies, and Noora’s global experience advising security leaders, this episode breaks down the flawed logic behind punitive training and surfaces more effective, scalable alternatives. Here’s what you’ll learn in this episode: Why punishment-based training strategies often backfire and how they can destroy psychological safety How to understand the psychology of repeat clickers and uncover hidden motivations What neuroscience and behavioral science say about fear vs. positive reinforcement in learning How real organizations shifted from punitive to positive - and saw massive gains in threat reporting and engagement Why individualized, adaptive training paths outperform one-size-fits-all models What to do when even your best-designed training isn’t working for a small subset of users The unintended consequences of using HR as a disciplinary…

People in this episode

Host: Eliot Baker

Guest: Noora Ahmed-Moshe

Topics covered

  • cybersecurity
  • behavioral science
  • training strategies
  • psychological safety

Keywords

  • punitive training
  • positive reinforcement
  • threat reporting
  • engagement
  • individualized training

More episodes of All Things Human Risk Management

Explore listener stats, chart rankings, contacts and more on the All Things Human Risk Management podcast page.