Getting the Message Out

How Many Impressions Does it Take to Make an Impression?
Just how many times must you see a message before it sinks in? 3? 7? 20? 250? 500? No one knows for sure, but one thing is clear: nobody really remembers a message until they’ve seen it multiple times. Advertisers know this. That’s why try to saturate an environment with their messages. If you’re concerned with security awareness, you need to embrace this idea too, because when it comes to information security, it’s repetition that matters.
Now wait, you say, you’re not in the advertising business; you’re in IT or training. The truth is, if you want to increase security-aware behaviors, it’s time you started thinking like an advertiser. You may not be selling a product, but you are most definitely selling. You’re trying to convince your employees that keeping security top of mind is essential to the health and wealth of the company—and that when it comes to information security, what they do really matters. That’s your message, and yes, it bears repeating. Often.
“Effective frequency” is the advertising term for the number of times a person must be exposed to an advertising message to elicit a response. This is an important number for advertisers who are seeking to optimize their advertising spends. There are numerous studies, theories, and models about what constitutes effective frequency. Let’s look at three:
The first, Krugman’s model, puts the number of exposures at just three. His idea is that the first exposure resolves the “What is it?” question, while the second answers, “What of it?” By the third exposure, the message registers quickly, having gotten past the first two hurdles. “Let me try to explain the special qualities of one, two, and three exposures,” Krugman writes. “I stop at three because as you shall see there is no such thing as a fourth exposure psychologically; rather fours, fives, etc., are repeats of the third exposure effect.” So the third time is the charm. Any further exposures simply reinforce the message.
You’ve probably heard of “The Rule of Seven.” This old adage claims that prospects must see or hear a marketing message at least seven times before they’ll take action. There’s no science behind the number seven—but it makes the point that the message must be delivered in an on-going process in order for it to bear fruit.
And finally, we have Thomas Smith’s take, whose 1885 advertising classic, Successful Advertising, proposed a 20-step plan for getting people to bite. His full list ends this post, below.
The truth is, we’ll never know the “actual number” of repetitions required. But what we do know is that it takes many exposures to a message before it sinks in, and perhaps many more before it becomes activated as behavioral change. Know this and you’ll have an easier time getting your security awareness message across. Your foundational training event will explain to employees the “What is it?” and “What’s in it for me?” But because the forgetting curve follows fast on the heels of the learning curve, your security awareness message will also require constant reinforcement over time, and in a mix of messages and media delivery channels that will drive the learning into second nature behavior—and do it with a satisfying sense of value, flair, and purpose. In the process you’ll create an army of loyal, security-aware “customers.”
Want to learn more about the fascinating role of reinforcement in developing a security-aware culture? Take a look at this. And if you’re ready to really dig into “effective frequency,” try this:

Thomas Smith’s 20-Step Plan

The first time people look at any given ad, they don’t even see it.
The second time, they don’t notice it.
The third time, they are aware that it is there.
The fourth time, they have a fleeting sense that they’ve seen it somewhere before.
The fifth time, they actually read the ad.
The sixth time they thumb their nose at it.
The seventh time, they start to get a little irritated with it.
The eighth time, they start to think, “Here’s that confounded ad again.”
The ninth time, they start to wonder if they’re missing out on something.
The tenth time, they ask their friends and neighbors if they’ve tried it.
The eleventh time, they wonder how the company is paying for all these ads.
The twelfth time, they start to think that it must be a good product.
The thirteenth time, they start to feel the product has value.
The fourteenth time, they start to remember wanting a product exactly like this for a long time.
The fifteenth time, they start to yearn for it because they can’t afford to buy it.
The sixteenth time, they accept the fact that they will buy it sometime in the future.
The seventeenth time, they make a note to buy the product.
The eighteenth time, they curse their poverty for not allowing them to buy this terrific product.
The nineteenth time, they count their money very carefully.
The twentieth time prospects see the ad, they buy what it is offering.

Share this Post

Related Posts

Learn five awareness training tactics for truly changing risky employee behavior around cybersecurity and data privacy with our free white paper.
White Paper: 5 Training Tactics for Achieving Behavior Change
Join MediaPro Founder and Managing Director Steve Conrad as he outlines the impact of a risk-aware corporate culture.
Video: MediaPro Best Practices: Why Prioritize Employee Awareness?
Read our newest eBook on how the NIST Cybersecurity Framework can be used to improve security awareness.
eBook: How the NIST Cybersecurity Framework Improves Security Awareness
Don't waste time and money on an awareness program that doesn't yield real results. Download our white paper for tips on improving your awareness program.
White Paper: 5 Strategies for Improving the Effectiveness of Your Awareness Program