Creating and maintaining a security awareness program is one of the biggest challenges for organizations’ security teams. They must reach a global and diverse workforce, with limited time, skills and resources.

From Proofpoint, a leading company in cybersecurity, regulatory compliance and security, they remember that a truly effective program to reduce risks needs to adapt to user behavior and real threats, in addition to providing visibility on the progress achieved.

The greatest vulnerability in cybersecurity

Human error continues to be the greatest vulnerability in cybersecurity within an organization: in Spain, 49% of CISOs point to people as their main risk, despite the fact that 55% consider that employees know what good security practices are, although this is not enough to change their behavior. Likewise, according to this same 2025 study, 46% of organizations lack the tools to adequately manage internal risk, which prevents closing the gap between knowing what to do and actually doing it.

For cybersecurity experts, generic training that treats all employees equally adds little, as is the case in most current programs. When there is segmentation, it is usually a manual process that consumes time and energy for already overloaded teams; and without automation, it is nearly impossible to deliver an effective experience to those most exposed to risk.

This is where adaptive learning takes center stage over insufficient traditional training. This approach provides specific, risk-based education tailored to the behavior, role and profile of each employee, helping to strengthen the organization’s security. At Proofpoint they are committed to intelligent and automated segmentation, along with systematized and personalized learning itineraries, which guarantees that the assigned activities (trainings, phishing simulations and notifications) are relevant, impactful and effective in driving real behavior change.

The use of adaptive groups

Grouping users by their click rate in simulations, by their errors, or simply by having completed a course, as many awareness platforms do, is not enough to understand the real risk. This forces administrators to collect more information manually to make the programs useful. Unlike this basic segmentation, adaptive groups incorporate risk signals in real time. If a user incorrectly manages sensitive data, for example, they are automatically moved to a group that receives training designed to correct that behavior. This way, security teams spend less time on operational tasks and more time supporting users, while groups are dynamically updated as risks change.

Traditional awareness programs often stagnate by relying too much on manual processes. Teams must constantly decide who to manage, what training to assign, and when to do it. Proofpoint’s adaptive paths automate the creation and delivery of learning experiences based on real-world threats. If a group of users emerges who have activated data loss prevention alerts, they will automatically be enrolled in activities designed to address the risks associated with their security behaviors. Training is adjusted based on the user’s actions, interaction with threats, or compliance requirements. As risks change, groups are automatically updated, making it easy to measure impact and refine programs.

Thanks to this, employees do not waste time preparing for improbable or already controlled threats. The focus is on those who need the most support and receive it exactly when they need it. Later, reinforcement through repetition and contextual examples helps safe practices stick.

Proofpoint’s adaptive paths automate the creation and delivery of learning experiences based on real-world threats

“The true power of adaptive learning lies in its impact and efficiency, directing experiences to common user risk profiles through adaptive groups and paths. The learning experience becomes more relevant, engaging and effective, increasing the likelihood that users will retain what they learn because it connects directly to their role and its challenges, strengthening the organization’s security posture,” explain the experts at Proofpoint. “Driving consistent, measurable behavior change is not an annual exercise, but rather an ongoing, tailored process that reinforces resilience across the workforce.”

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.