
Why your business’ cybersecurity training strategy isn’t working

24 September, 2021

Having a strong cybersecurity strategy is more important than ever for businesses, with hacking attempts and other online scams growing in frequency.

In a world where technological solutions are considered first, you might well be surprised to hear that 90% of cybersecurity breaches happen due to simple human error. That’s why every good cybersecurity strategy places employee training at its core.

Fortunately, the number of companies considering the human angle in their cybersecurity strategy is growing.

Unfortunately, many of those strategies fail. Sound like you?

Join us as we share some of the common reasons why training strategies fail:

Your training is reactive, not proactive

Many businesses make the mistake of providing training only when they “need” to.

Whether it’s the sudden realisation that you need to achieve compliance or the discovery that you’ve been breached, many training programmes are embarked upon reactively, rather than proactively.

Having a more proactive approach to training will help to pre-empt issues and give employees the necessary knowledge before a problem arises that leads to a data breach.

Over-valuing certifications

A common mistake is taking certifications as proof of an employee’s skills. Certifications are proof of knowledge in a specific subject but may not reflect their skills.

So, an employee might be able to answer a set of questions related to cybersecurity, but having the skills to take the best actions to protect your business is another story. If you want your employees to have good cybersecurity skills, they need a training course that develops these skills, not training that is a tick-box exercise.

Opting for a one-size-fits-all approach

If your cybersecurity training isn’t tailored to your organisation, this could be severely limiting its effectiveness.

We all have differing levels of knowledge, different biases and, of course, unique personalities, all of which determine your relative risk from various forms of attack.

Training that is tailored to the specific individual’s learning needs, such as Bob’s Culture, is more likely to be effective and therefore your employees will be in a better position to take the most suitable cybersecurity actions.

Bob’s Culture includes our unique Human Vulnerability Assessment, which involves completing a Phishing Baseline and Awareness Questionnaire to build a customised training rollout. This approach identifies potential blind spots and skills gaps that could leave your business vulnerable to a cyberattack, delivering training that’s relevant to your team and your organisation.

Not all employees will react to threats such as phishing emails in the same way. For example, one employee might be more optimistic than their more cautious peers, which could lead to them clicking a link that allows hackers to access your systems.

By tailoring training content around the individual, you give each employee the skills and knowledge to take the best course of action when faced with a potential cyberattack.


Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit your organisation.
