Going to keep this short and sweet, I’ve been thinking recently about awareness pros using humour in cyber comms. I’m talking puns and playing on words, overdoing a theme to the point of cringe.

Arguments For:

• It helps to broach a serious subject in an approachable way
• Shows that security people are also capable of fun
• It might help get more eyes on your comms
• Could make your messaging more memorable

Arguments Against:

• People might think we’re patronising them
• Might detract from the seriousness of the message
• Breaks a convention which may not sit right with people
• Leadership might not like it, and you may be limiting your career prospects

Conclusion:

Classic get-out but in my opinion, it depends. It really depends on your context, if you’re in a stuffy financial services firm then probably not, if you’re in an environment where humour is commonplace and leadership are open to innovation and giving stuff a try.

My gut is telling me to avoid it because I don’t like the idea of security seeming like a joke, but at the same time, if using a cheap play on words helps your message to stick then maybe it’s worth giving it a go? May be worth some A/B testing in an upcoming newsletter.