Cyber Training needs L&D Leaders

By Penny Jackson

Learning and development leaders understand that their value to an organisation is in their strategic alignment with the core ethos and goals. It's about being centrally involved in the shaping of company culture.

All businesses operate in a digital space from basic company administration to data management, to utilising technology to deliver core business services. A key component of business strategy is the comprehensive understanding of risk and managing the delivery of business against a risk framework.

In these digitally enabled times, cyber risk is among the greatest threats facing any business. The global cyber-crime economy this year has been estimated at $3trillion, which makes it the third largest economy after the USA and China.

In response to this, combatting cyber-crime has become a big industry itself and technology solutions proliferate. However, the most likely entry point for a cyberattack is human behaviour: 77% of all ransomware attacks are through human error.

The fact is, for a multitude of reasons the vast majority of cyber security training is inefficient. One of the key causes is that the training in most organisations is left to the security function to deliver. It is therefore not owned by the whole organisation and considered (even by senior executives) to be someone else's problem. It is not measured by its effective reduction of the risk but is measured by compliance and completion rates.

Unfortunately, 100% completion of a course does not correlate with 100% understanding.

Cyber criminals exploit human error, social engineering, or sloppy processes, to access an organisation. It is a

behavioural access point, or Achille's heel.

Most businesses now recognise the need for cyber training but what they miss is the inclusion of the Learning and Development teams to bring the cultural best practice and adoption of effective learning environments to the fore.

A recent straw poll of learning leaders asked them whether they had any involvement in delivering cyber training demonstrated that "No" was the common answer. The resonses were: "It's technical", "we are not qualified", "we are 'too busy".

The professional knowledge base of L&D teams, and their application of behavioural learning techniques, would greatly enhance effective cyber training. It could facilitate the embedding of individual ownership and engagement at all stages of a staff member's learning and development journey.

Ultimately, cyber security training requires the involvement of L&D leaders. The value of L&D lies in its ability to foster a culture of continuous learning and improvement.

L&D leaders can drive transformative change. Including L&D in the commissioning and or delivery of cyber training ensures that these initiatives are not developed in isolation but are integrated into the broader business strategy.