Cyber security training budget, do you have one?

Cyber security training is quite often considered as something businesses need to do once, and once the training has been delivered, they don’t need to revisit it for another year. Cyber crime is an ever changing and developing threat, so this one-pronged approach is not an adequate way to tackle the threat to your business.

Cyber security training provider Cybint recently shared that 95% of cyber security breaches are due to human error, so ensuring your cyber security training is in your budget is critical. It was also revealed in the Department of Media, Sport and Culture’s recent Cyber Security Breaches Survey that a total of 14% businesses trained employees on cyber security and only 20% actually tested their employees with a mock phishing exercise.


Any business of any size can be hit by a cyber attack and these don’t just come in the form of attacks on computers or mobile devices. There are other ways to extract sensitive and private information from businesses which cyber criminals are acting upon.


A recent Freedom of Information (FOI) request has revealed that the Cabinet Office has spent more than £300,000 on cyber security training for employees over the last two years, this is an increase of almost 500%. The request showed that the Cabinet Office spent £274,142 on training courses covering ethical hacking, digital forensics and cyber security in the 2020-21 financial year.


Commenting on Cabinet Office's cyber spending, security expert Andy Harcup, senior director at Gigamon, said: "The Cabinet Office is tasked with managing some of the most sensitive data imaginable, so increasing cyber training and resources is a wise move, particularly with hackers relentlessly targeting government departments.


Now, we know that all businesses are not able to have a budget like this for cyber security and related training, but not having any budget for it is no longer an option. At The Cyber Resilience Centre for the South east, we offer Security Awareness Training that is focussed on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules using real world examples.


The training is tailored to each individual audience to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.


We recently delivered the Security Awareness Training to the Thames Valley Partnership who are a charity based in the South East region. The partnership works with organisations operating within the Criminal Justice system and allied services to provide long-term solutions to the problems of crime and social exclusion.


A representative from the Thames Valley Partnership said: “Just a short note to say a massive thank you to Chris, who delivered a great training session to our staff this week. I have to say, mostly they find IT deadly boring and probably groaned when they saw my email to book into the training session! However, we got some really positive feedback and they all stayed engaged right to the end.


“Chris has great delivery as a trainer and made it interesting and relevant. I definitely think they all went away feeling much more in control and better placed to identify security risks, for the work and their personal IT security at home – which is really important now that more of them are working remotely too.”


Find out more about our Security Awareness Training and our other available services on our dedicated Cyber Services page.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.