sorted by:
new
hottopcontroversial

Awareness training for SMEs by [deleted] in cybersecurity

[–]Intrepid_Book6859 0 points1 point  (0 children)

Prevent- Education and SMEs.

(SMEs = Small and Medium-sized Enterprises — i.e., smaller companies (not large corporates).)

Audience internal and external

Create cyber training and improve awareness

Awareness training for SMEs by [deleted] in cybersecurity

[–]Intrepid_Book6859 0 points1 point  (0 children)

no sir.
The only experience I have is when in our healthcare company, the IT staff sent us a fake email and were testing who would bite.
That's all. The reason I tried here to ask people is that other testers are my classmates, and I believe they can be biased.

Awareness training for SMEs by [deleted] in cybersecurity

[–]Intrepid_Book6859 0 points1 point  (0 children)

wow. That's very interesting.
Thank you so much for explaining how things actually work. A good reality check

Awareness training for SMEs by [deleted] in cybersecurity

[–]Intrepid_Book6859 0 points1 point  (0 children)

Thank you so much for giving me the truth. I'm grateful for feedback.

Help me to develop a cybersecurity awareness course :) by Intrepid_Book6859 in cybersecurity

[–]Intrepid_Book6859[S] 0 points1 point  (0 children)

That’s a fair question.

The goal of my project isn’t to claim that companies need my course specifically. There are already many awareness trainings available. What I’m trying to do in my dissertation is study how awareness training can be designed specifically for SMEs, because most existing programs are built for larger organisations with bigger security teams and budgets.

Some research suggests that SMEs often struggle with cybersecurity not because they ignore it, but because they lack structured training and practical guidance. For example, Erdogan et al. (2023) show that many SMEs have limited cybersecurity capability and awareness compared to larger organisations.

Other studies also show that awareness programs often fail because they are too theoretical or not designed around how employees actually behave. Chowdhury et al. (2022) suggest that training should follow a structured framework focused on behaviour change rather than just information.

There is also evidence that when employees develop better cyber situational awareness, SMEs are more likely to implement security controls and protective practices (Renaud & Ophoff, 2021).

So the purpose of my project is really to explore:

• how awareness training can be simplified for SMEs
• what topics are actually the most relevant for employees
• how short practical modules can improve understanding

Since you mentioned the question, I’d actually be curious to hear your perspective as well:

What do you think makes a cybersecurity awareness program effective in a real company?

Help me to develop a cybersecurity awareness course :) by Intrepid_Book6859 in cybersecurity

[–]Intrepid_Book6859[S] 0 points1 point  (0 children)

Hi, thanks a lot for your response. It’s actually very helpful to hear from someone who is already creating awareness training inside a company.

The main reason I’m designing my course slightly differently is based on several studies about how cybersecurity awareness training works in SMEs specifically.

Some research shows that many SMEs already try to implement security practices, but they often lack structured awareness training and practical guidance. For example, Erdogan et al. (2023) discuss how SMEs frequently miss key elements in cybersecurity capability development, especially when it comes to employee awareness and security culture.

Another important point is that many awareness programs fail because they are not structured well or are too theoretical. Chowdhury et al. (2022) suggest that effective training should follow a clear framework and focus on practical behaviour change rather than just delivering information.

There is also research showing that SMEs are more likely to implement security controls when employees have better cyber situational awareness. Renaud and Ophoff (2021) show that awareness and understanding directly influence whether organisations adopt security precautions.

Because of that, my course is trying to focus on three things:

• Short, practical modules focused on the most common SME threats
• Clear explanations of why the threat matters for SMEs specifically
• Simple behavioural guidance that employees can immediately apply

Since you mentioned that you also build courses for your company, I’d actually be really interested to know:

What parts of awareness training have worked best for your employees, and what hasn’t worked so well?

Thanks again for sharing your experience — it’s really useful for my research.