Credit Union Links Executive Bonuses to Cyber Awareness After Phishing Surge
The Challenge
In late 2024, Clearwave Credit Union, a regional cooperative financial institution, experienced a surge in spear-phishing attempts targeting its employees. While no breaches occurred, several incidents resulted in credential exposure, prompting growing concern within the security team. The pattern revealed a deeper problem: cyber awareness training across the organization was outdated, inconsistently tracked, and largely ignored by senior leadership.
Executives and board members had not completed training modules in over a year, and cyber readiness metrics were not included in performance evaluations. Security incidents were treated as isolated IT issues rather than organizational risks. The lack of accountability allowed complacency to take root, leaving the credit union vulnerable to social engineering and insider threats.
The tipping point came when a simulated phishing campaign showed that more than half of executives clicked a malicious test link. The results convinced leadership that cybersecurity could no longer be delegated; it had to become a shared responsibility.
Our Solution
Our consulting team was brought in to transform Clearwave’s cyber awareness culture from the top down. We began by designing a performance-linked training framework that tied completion and engagement in cybersecurity exercises to executive and management bonuses. The initiative reframed awareness not as compliance, but as leadership accountability.
We developed role-specific simulations for directors, managers, and staff, covering phishing, business email compromise, and insider threat scenarios. Each session included debriefs to identify weak points and track improvement over time. An internal dashboard was launched to visualize participation, incident trends, and readiness metrics.
Additionally, we facilitated quarterly tabletop exercises where executives practiced incident response decision-making, supported by communications experts who helped integrate cybersecurity into Clearwave’s broader organizational culture.
The Value
Within months, engagement across all staff levels increased dramatically. Executive participation reached 100 percent, and the success rate of phishing simulations improved by over 60 percent. Regulators praised the credit union’s proactive approach, and member confidence grew following transparent communication about its new awareness strategy.
By embedding cybersecurity performance into compensation, Clearwave redefined what leadership accountability looked like. The organization emerged stronger, more cohesive, and more resilient, proving that awareness is most effective when it starts at the top.
Implementation Roadmap
1. Tie cybersecurity participation metrics to executive compensation
2. Launch mandatory training and phishing simulations for all staff
3. Create a centralized dashboard to monitor awareness metrics
4. Conduct quarterly tabletop exercises for leadership teams
5. Embed cybersecurity culture into corporate communications and performance reviews

