Featured Resources


Phishing attacks have been on the rise for a long time now.

According to the UK government’s most recent cyber security breaches survey, they cause more data breaches than any other type of cyber attack – and they have done for a long time.



To demonstrate why security awareness training so often fails, it’s worth conducting a quick thought experiment.

Imagine you’re a smoker and, one day, you find out you’re genetically susceptible to lung cancer. Thanks to your genes, you’re two-three times more likely to contract lung cancer than the average person.

The elevated risk has nothing to do with your record of smoking – but continuing to smoke increases the risks even further.

Given the situation, do you think you’d be more or less likely to quit smoking than other smokers?

Studies shows that, actually, you’d be just as likely to continue smoking as others. Your new knowledge wouldn’t change your behaviour.

Could this also be why security awareness training sometimes fails?


Measuring The Effectiveness of Security Awareness Training

Online security awareness training is now the most popular form of security awareness training in the world. As we noted here, that’s good news when it comes to measuring the effectiveness of security awareness training.

Offline, things aren’t so easy to track. However, online it’s possible to see who is doing what where and when. It’s little surprise, then, that measuring the effectiveness of online security awareness training has been chiselled onto the agendas of CISOs for some time.

read more

Ten key topics to cover in cyber security awareness training

The scope of cyber security awareness training continues to increase. While the below list of topics to include in awareness training is far from exhaustive, each should be a foundational pillar of security awareness campaigns. Building campaigns around the below can decrease the risk of cyber attack – especially when campaigns account for the ABC of cyber security.

read more


In 2018 data breaches cost UK organisations an average of £6.4 million.
Human error, meanwhile, accounted for anywhere between 60% and 90% of those breaches.
Those facts alone are usually enough to convince people security awareness training is important.



At the time of writing, Google tells us security awareness training is “a formal process for educating employees about computer security.”You can bet it’s a prevalent definition: the search engine sifts through every indexed web page ever written on the topic to return the single, succinct and simple sentence.

(336) 530-3643


It’s an unfortunate fact, evident to both those who work in security and those who don’t, that security awareness training in its current form isn’t working.

read more

Stay up to date

Sign up to our newsletter for the latest cyber security news, views and insights.

Sign up