Courses, Clicks and Consequences: Empiricizing Enterprise Security

Courses, Clicks and Consequences: Empiricizing Enterprise Security

From Cybercrimeology by Cybercrimeology

November 1, 2025 · 1h 4m · Episode 123

About this episode

The episode features a discussion with Dr Grant Ho about evaluating anti-phishing training in a health organization.

We speak with Dr Grant Ho from the University of Chicago about a large-scale field evaluation of anti-phishing training inside a major health organisation. The conversation examines annual awareness training, embedded “teach-at-click” exercises, and the role that engagement plays in any observed benefit. We also discuss how to measure programme value realistically and why careful experimental design matters when organizations make investment decisions.

People in this episode

Guest: Dr Grant Ho

Topics covered

  • anti-phishing training
  • enterprise security
  • awareness training
  • experimental design
  • program evaluation

Keywords

  • cybersecurity
  • phishing
  • training evaluation
  • engagement
  • organizational investment

Mentioned in this episode

Organizations: University of Chicago, major health organisation

More episodes of Cybercrimeology

Explore listener stats, chart rankings, contacts and more on the Cybercrimeology podcast page.