As cyber attacks are becoming more frequent and more sophisticated, organizations are taking their cybersecurity more seriously. However, all the high-tech security tools on the planet can’t prevent a breach if the end users aren’t also being vigilant. That’s why many companies are taking new approaches to make sure their employees are taking cybersecurity seriously. Instead of punishing them for the mistakes they make, they are rewarding them when they get things right. The issue, many security experts say, is that traditional cybersecurity training is a chore for employees, and most training is designed to make employees fear the repercussions of clicking on risky links or using weak passwords. What’s more, they don’t fear the real-world consequences of data breaches, ransomware, and outright theft—they fear having to take more cybersecurity training. “Ask a young colleague to do word association,” says Amadeus Stevenson, chief technology officer of education-technology company Decoded. “When you say dog, they say cat. But when you say cybersecurity, they will say, ‘I’m sorry I clicked that email, please don’t send me to cybersecurity training.’ They’re terrified.” That’s why many companies are abandoning the proverbial stick for the carrot. Some are using games, contests, and prizes to reward employees and teach better cyber practices.