Products

Explore Our Customised Security Awareness Training and Human Risk Management Solutions - Equip your team with the essential skills to defend against modern cyber threats. Our platform offers everything from phishing simulations to comprehensive policy management, empowering your workforce to enhance security and ensure compliance effectively.

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

eLearning Content

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Compliance Management

Simplify Policy, Privacy, and Incident Management for Total Compliance

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Enterprises

A Security Awareness Training Solution For Large Enterprises

Education Sector

Engaging Security Awareness Training For The Education Sector

Tech Industry

Transforming Security Awareness Training In The Tech Industry

Governments

A Go-To Security Awareness Solution For Governments

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Resources Overview
Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Careers

Join Us and Make Cybersecurity Personal

Leadership Team

Meet the MetaCompliance Leadership Team

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Problem with Cyber Security Awareness Month

Cyber security awareness month

about the author

Share this post

Cyber Security Awareness Month, in Europe and the US, is part of a broad effort to help people stay safe and secure online. The initiative was launched in 2004 in the US and 2012 in Europe. This year the US event focused on “See Yourself in Cyber”. In Europe the effort promoted phishing and ransomware awareness.

We are obviously supportive of any efforts to support cybersecurity awareness. People are the weakest link in an organisation’s security efforts. Teaching them simple steps they can take to protect themselves online is important. It is still far easier for an adversary to trick someone into revealing a password or click on an email link than it is to penetrate a well-protected network. Good cyber security awareness can protect organisations from financial losses, compliance penalties, and reputational damage.

Yet, after years of events around an annual “Awareness Month,” exploiting poor cyber security awareness remains the primary attack vector in data breaches.

The 2022 Verizon Data Breach Investigation Report found that 82% of breaches in the previous year involved social engineering and phishing click rates continue to rise. Once attackers gain a foothold, they can establish command and control channels, move laterally to identify target data, encrypt data for ransomware demands, or steal sensitive information.

image

Cyber Security Awareness “Month”?

So yes, we support Cyber Security Awareness Month. It brings needed attention to a problem we have worked on solving for years. It may prompt some organisations to take their first steps to improve security awareness in their workforce or make their existing programs stronger.  We just object to treating cyber security awareness as an annual event.

Learning is not a one-time event. One does not learn to speak a new language or play a musical instrument by focusing on the task once each year. The same is true for recognising and avoiding cyber security threats. Learning to do any of these takes time and repetition.

When training sessions are events held once or why-do-we-forgettwice each year to meet compliance requirements, students do not retain knowledge.  The famous Ebbinghaus Forgetting Curve shows that students forget over 75% of a lesson in the first week alone. By the end of a month students retain only 21% of the lesson.

image 1

Building Employee Awareness

Teaching is a process, not an event. This includes teaching cyber security awareness. Studies show that the downward slope of the Forgetting Curve can be reduced with regular reinforcement of the lessons. These reinforcements need not include all the information from the lesson. The goal is to keep the learner thinking about the material and putting it to practical use.

image 2

Building a Cyber Awareness Culture

Cyber security awareness “month” can seem like a gimmick. An effective cyber security awareness program must be practiced 12 months of the year using a variety of tools and techniques.

eLearning lessons are certainly part of any successful program, but teams should reinforce lessons regularly through reminders, phishing simulations, micro-lessons, screensavers, and posters. Lessons should be geared to the different threats facing an organisation.

Training for finance teams should be tailored to the specific threats within the department. IT organisations must be alert for privileged credential theft. Everyone requires ongoing training for phishing and ransomware attacks.

A cyber security awareness program is an important part of an overall risk assessment. Those responsible for awareness programs must be able to track progress through reporting and initiate corrective actions where risk remains in the organisation. If individuals or teams score poorly on training, remedial training should be automatically scheduled.

Most importantly, organisations that are committed to cyber security awareness and online safety recognise the need for executive support. Regular messaging directly from senior leadership about the need for cyber security hygiene – and why it is a priority for the business –helps build a long-lasting security culture.

Security Awareness Training for Third-Party Vendor

Other Articles on Cyber Security Awareness Training You Might Find Interesting