
Cyber security skills aren’t built in one-off training sessions. That was one of the clearest messages from our recent membership webinar on growing cyber security skills across an organisation. What businesses and charities need is steady, practical learning that reflects how people actually work, and where risk sits.

What attendees told us

Live polling during the session showed a familiar picture:

  • General staff awareness was seen as the biggest skills gap.
  • Incident response readiness was the next priority, followed by supplier and third-party understanding, then managers and decision-makers, who still need more confidence.

When asked what would make the biggest difference, two answers stood out:

  • More frequent, bite-sized training.
  • Realistic exercises and simulations.

Long courses and annual tick-box training simply aren’t doing the job.

One size doesn’t fit all

A recurring theme from the webinar was the need to tailor training by role. Different people within an organisation face different risks, and all need different support.

Frontline and General Staff

Should focus on:

  • Short, regular awareness sessions.
  • Phishing simulations with clear, immediate feedback.
  • Simple guidance on what to do when something feels off.

The aim isn’t technical knowledge; it’s building confidence and an understanding of how to report something that doesn’t look right, which reduces risk.

Line Managers and Team Leaders

These roles often become the first escalation point during an incident. Effective training for this group includes:

  • Scenario-based workshops.
  • Tabletop exercises built around ‘what would you do next?’.
  • A clear escalation process and decision-making framework.

This all helps managers to act calmly and consistently under pressure.

Senior Executives

Executives are often targeted directly and carry responsibility for organisational response and reputation. Training works best when it’s:

  • Short and focused.
  • Based on real incident scenarios.
  • Free from any technical jargon.

The goal is to help leaders ask the right questions and understand the impact of their decisions during an incident.

IT and Technical Teams

  • Hands-on labs and simulations.
  • Incident response rehearsals.

This provides opportunities to keep skills up to date while aligning cyber resilience actions with wider business priorities.

Making Cyber Learning Stick

Moving from cyber security awareness to real capacity means shifting away from one-off sessions and towards continuous learning. Approaches that our team have found to work well include:

  • Short, regular touchpoints rather than long courses.
  • Simulations and tabletop exercises.
  • Phishing tests that reinforce learning, not blame.
  • Internal champions and peer learning.

How to Prioritise Training

A simple way to start is by looking at:

  1. Critical assets – what would hurt your organisation the most if compromised?
  2. People and roles – who interacts with these assets?
  3. Training priorities – focus learning where risk and impact are highest.

Using real incidents, near misses and audit findings helps ensure training stays relevant to your organisation and its risks, rather than nebulous threats.

If your organisation would like support with training team members, the Cyber and Fraud Centre – Scotland has a range of learning options as part of our Cyber Skills Academy. With courses ranging from Intro to Cyber Security for Staff to Incident Response Plan Testing and Secure Leaders: Cyber Security for Boards and Senior Leaders, we have CPD-accredited training to suit every sector, size and shape to grow your cyber security skills.

Get in touch with our team today for a free consultation on how we can help you build your cyber security resilience here – https://cyberfraudcentre.com/skills.