Notifications
Clear all
Topic starter
12/06/2026 10:03 pm
TL;DR: Cyber Security Awareness Month is often overwhelmed by vendor noise, but JumpCloud argues MSPs should use it to create one clear, client-facing security conversation, focusing on phishing, MFA, or password hygiene rather than broad awareness campaigns. The practical lesson is that trust-building beats feature-heavy messaging when clients need simple, actionable security guidance.
NHIMG editorial — based on content published by JumpCloud: an anti-blog post on making Cyber Security Awareness Month genuinely useful
Questions worth separating out
Q: How should MSPs make cyber security awareness month more effective?
A: They should narrow the campaign to one practical control outcome, then reinforce it through short conversations, simple examples, and repeatable client-ready material.
Q: Why do broad awareness campaigns often fail to change security behaviour?
A: They fail because they ask busy people to absorb too many messages at once.
Q: When should teams use stories instead of statistics in security awareness?
A: Use stories when the goal is behaviour change, not benchmarking.
Practitioner guidance
- Focus the campaign on one control outcome Pick a single high-impact theme such as phishing, MFA adoption, or password managers, then build every message around that one change so clients know exactly what to do.
- Run short client conversations instead of email blasts Offer a 15-minute informal session where clients can ask questions and hear examples tied to their own environment, which makes the guidance easier to absorb and act on.
- Replace statistics with relatable scenarios Use a simple story about a fake invoice, a reused password, or a missed MFA step so the client can connect the risk to a real behaviour rather than a generic warning.
What's in the full article
JumpCloud's full post covers the practical MSP messaging ideas this analysis intentionally leaves at the strategy level:
- A plain-language approach to turning awareness month into client conversation rather than another email campaign
- Examples of simple October themes MSPs can reuse across different customer environments
- Suggestions for making security guidance feel more like partnership than lecture
- Ideas for using lightweight, customizable materials that are easy to adapt for clients
👉 Read JumpCloud's guidance on making Cyber Security Awareness Month useful for MSPs →
Cyber security awareness month: what MSPs should actually do?
Explore further
13/06/2026 12:34 am
Broad awareness campaigns fail when they try to do too much at once. Security awareness is most effective when it drives one specific behaviour change instead of trying to fix every user risk in a single month. That is a governance lesson as much as a communication lesson, because overloaded messaging reduces attention, action, and follow-through. The practitioner conclusion is to treat awareness as a control-enablement exercise, not a content calendar.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, which shows how quickly governance can lag behind adoption.
A question worth separating out:
Q: Who is responsible for turning awareness into better security outcomes?
A: Responsibility sits with the security partner or MSP that understands the client’s environment and can translate risk into a specific action. Awareness only becomes useful when it supports a real control decision. The partner’s job is to make the advice simple enough that the client can use it immediately.
👉 Read our full editorial: Cyber security awareness month should drive client conversations
