Ahead of the Government Cyber Security Showcase New South Wales 2026, we unpack practical ways to communicate cyber risk with NSW Department of Education - Cyber Security Operations Group Education and Awareness Manager Mona Sidhu.
Cyber security is no longer just the domain of IT teams. It touches every employee, in both their professional and personal lives. Yet many organisations still struggle to translate complex cyber concepts into messages that resonate with non-technical audiences.
The discussion highlights practical ways to communicate cyber risk in plain English, examine why compliance-driven training often fails to change behaviour, and highlight how relatable storytelling can engage people without overwhelming them.
At its core, the conversation reinforces a powerful idea: when people understand the “why,” they become the strongest defence.
For non-technical staff, what is the simplest way to explain “cyber risk”, so it feels real and relevant?
Using plain English to take out jargon is the bread and butter of cyber culture leaders. You can lose an audience in 2 minutes if you are not able to connect and make the learning relevant to them, whether this is via face-to-face, online, or paper-based delivery. Putting the ‘why’ in front is also important. While cyber risk is real, we should not scare people but provide context in such a way that is meaningful and easy to understand and apply to their daily lives. Cyber risk also applies to people at home. Once you have helped them secure their personal life, there is more chance that their mature behaviours will reflect at work as well.
What is one common mistake organisations make with cyber awareness training that looks good on paper but does not change behaviour?
If your organisation is providing mandatory training that people complete annually but its not changing behaviour, you might want to ask yourself what is it that you are not doing right. Is your awareness program only working to meet compliance targets or are you really trying to change behaviours. There is a lot of research on training people in terms of what works and what does not. Most of it points to the fact that a one-time training completion will not change behaviours. Your organisation’s approach must be multi-faceted with several touch points throughout the year and should be inclusive. Think about the people diversity in your organisation - age, gender, cultural background and think about the types of learners, for example, I am a very visual learner. Use short videos to grab attention. Promote good cyber hygiene with case studies that use life-like stories to engage people. Do your senior executive know who you are and what you do is a question you should be asking yourself and your team. Make cyber simple is my message.
What types of real stories or examples work best to get people’s attention-without scaring them or overwhelming them?
Storytelling is a great approach that I use to make the otherwise unexplainable easy to understand and adapt. We all heard bedtime stories from mum or dad or in my case, my grandmother. Think back to that time and how captivated you were, imagining yourself in the story itself. That is where you want people to be with cyber safety. Grabbing attention with life-like stories or even fairy tales such as connecting Cinderella with MFA, will bring more people to your door. And once you have their attention, you can teach them.
For the Cyber Security Showcase, what is the #1 takeaway you want attendees to leave with-and what is one action you want them to take back to their team the next day?
Humans are the end point. If you want your cyber program to succeed, support your cyber awareness or culture team. Give them the high profile they deserve and need from you.
Cyber security is for everyone, not just your work but for your personal life too. It is here to stay, cause guess where most criminals are now? Yes, they are online and so is your bank account. You are fortunate to get cyber safety learning at work. Use it to improve your practice and help others who do not know or are vulnerable such as your parents or grandparents.
Learn more on how agencies and organisations across Australia can turn into a cyber defender. Join us on the upcoming Government Cyber Security Showcase New South Wales at Waterview Bicentennial Park, Sydney on 30 July 2026.
Help your peers
Share what you've learned with fellow public servants
