Forgetting curve
Ebbinghaus's 1885 finding that newly learned information decays exponentially — the reason annual security awareness training fails.
The forgetting curve is the empirical observation, first plotted by Hermann Ebbinghaus in Über das Gedächtnis (1885), that newly learned information decays exponentially over time unless it is reinforced. Ebbinghaus memorized lists of nonsense syllables, then tested himself at intervals; he found that roughly half of the material was gone within an hour, two-thirds within a day, and that the curve kept falling, ever more slowly, over the following weeks.
For security leaders, the curve is the single best explanation of why annual or even quarterly security awareness training fails to change behavior. By the time an employee encounters the real phishing email, the OAuth consent prompt, or the public-link-sharing decision, the training content has decayed past the point of recall.
Defining properties of the curve as it applies to a workforce:
- Exponential, not linear. Most of the loss happens in the first 24-72 hours; the long tail is shallower.
- Stronger encoding slows decay. Material that was emotionally engaging, surprising, or tied to a real incident decays more slowly than dry compliance slides.
- Recall events reset the curve. Each time the learner successfully retrieves the information, the next decay curve is flatter — the basis for spaced repetition.
- Context-matched retrieval helps most. Recalling a phishing concept inside Slack, at the moment a suspicious DM arrives, is worth more than recalling it in an LMS quiz.
The practical conclusion is brutal for legacy security awareness training: the only way to keep retention above a useful threshold is to interrupt the curve repeatedly, with short reinforcement events spaced at decreasing intervals. That is the entire premise of behavior-centered programs that combine microlearning, nudges, and spaced-repetition quizzes.
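The properties listed above (exponential decay, recall events that reset and flatten the curve, reinforcement at spaced intervals) can be made concrete with a small retention model. The following script is an added example, not part of the original glossary entry or any vendor's product: it assumes the common single-exponential form R = exp(-t/S), where S is a "stability" parameter, and assumes that each successful reinforcement resets elapsed time to zero and multiplies S by a fixed growth factor. The specific schedule, the initial stability of one day, and the doubling factor are illustrative assumptions, not figures from the page.

```python
"""Toy forgetting-curve model: annual training versus spaced reinforcement.

Assumptions (not from the source text):
  * retention R(t) = exp(-t / S), with S the stability in days;
  * each reinforcement event resets elapsed time and multiplies S by GROWTH;
  * initial stability after first exposure is 1 day.
"""
import math

GROWTH = 2.0          # assumed stability multiplier per successful recall
STEP_DAYS = 0.25      # sampling resolution of the simulation


def retention(elapsed_days: float, stability_days: float) -> float:
    """Retention fraction after `elapsed_days` given stability `stability_days`."""
    return math.exp(-elapsed_days / stability_days)


def simulate(review_days, horizon_days, initial_stability=1.0):
    """Sample retention over `horizon_days`.

    `review_days` lists the days on which a reinforcement event occurs
    (day 0 is the initial learning event and is not listed). Returns a
    list of (day, retention) tuples.
    """
    reviews = sorted(set(review_days))
    stability = initial_stability
    last_review = 0.0
    next_idx = 0
    samples = []
    for k in range(int(horizon_days / STEP_DAYS) + 1):
        t = k * STEP_DAYS
        # Apply every reinforcement event that has happened by time t.
        while next_idx < len(reviews) and reviews[next_idx] <= t:
            last_review = reviews[next_idx]
            stability *= GROWTH          # flatter curve after each recall
            next_idx += 1
        samples.append((t, retention(t - last_review, stability)))
    return samples


def min_retention(samples) -> float:
    """Lowest retention reached anywhere in the sampled period."""
    return min(r for _, r in samples)


def coverage(samples, threshold: float = 0.5) -> float:
    """Fraction of sampled days on which retention is at or above `threshold`."""
    above = sum(1 for _, r in samples if r >= threshold)
    return above / len(samples)


# Constructed schedules for comparison.
ANNUAL = []                                    # one module, then nothing for a year
SPACED = [1, 3, 7, 14, 30, 60, 120, 240]       # reinforcement at widening gaps


def compare(horizon_days: int = 365):
    """Return (annual_coverage, spaced_coverage, spaced_floor) for the two schedules."""
    annual = simulate(ANNUAL, horizon_days)
    spaced = simulate(SPACED, horizon_days)
    return coverage(annual), coverage(spaced), min_retention(spaced)


if __name__ == "__main__":
    a_cov, s_cov, s_floor = compare()
    print(f"annual training: retention >= 50% on {a_cov:.1%} of days")
    print(f"spaced schedule: retention >= 50% on {s_cov:.1%} of days, "
          f"never below {s_floor:.0%}")
```

Under these assumptions the annual schedule keeps retention above 50% for less than a day, while eight short reinforcement events keep it above 50% on most days of the year and never let it fall below roughly a third. The absolute numbers depend entirely on the chosen parameters; what the model illustrates is the shape of the argument, not a measured result.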
Ebbinghaus’s 1885 numbers are still cited today because the curve is one of the most replicated findings in cognitive psychology — across modalities, populations, and over a century of study.
Related terms
- Spaced repetition: An evidence-based learning schedule that reactivates content at increasing intervals to counter the forgetting curve.
- Microlearning: Short, focused learning units — typically 30 seconds to 3 minutes — that fit inside the working day and survive the forgetting curve.
- Nudge: A small, contextual intervention that steers a person toward a safer choice without restricting freedom — the unit of work behind behavior-centered cybersecurity.
- Knowledge-behavior gap: The empirically documented gap between what employees know about cybersecurity and what they actually do at the moment of decision.
- Security Awareness Training (SAT): The legacy compliance-driven training category — annual e-learning modules and click-rate phishing tests — that Human Risk Management is now replacing.