Simplicity is Bliss: Controlling Extraneous Cognitive Load in Online Security Training to Promote Secure Behavior

User-initiated security breaches are common and can be very costly to organizations. Information security training can be used as an effective tool to improve users' secure behavior and thus alleviate security breaches. Via the lens of learning, working memory, and cognitive load theories, this research examines how to improve the effectiveness of security training through decreasing extraneous stimuli in the presentation of online security training. The authors conducted a realistic laboratory experiment to examine the influence of training with different levels of extraneous stimuli on secure behavior. They found that training presented with low levels of extraneous stimuli improved secure behavior more than training presented with high levels. The results question the effectiveness of elaborate training programs, and rather suggest that simple, direct training modules are most effective.