Continuous Cybersecurity Learning Is Business-Critical

Uploaded on 2025-03-16 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

The cybersecurity landscape continues to evolve at an alarming pace. Last year, the global annual cost of a data breach reached $US4.88 million, a 10% increase from the previous year – and the largest annual rise since the pandemic. This year, organisations will encounter an array of emerging cyber threats, with attacks becoming more sophisticated, targeted, and damaging to business operations and reputation.

Yet, many companies lack the cybersecurity expertise needed to protect their organisation from increasingly sophisticated cyber threats.

In fact, the World Economic Forum revealed the cybersecurity skills gap has expanded 8% in the last year, despite only 14% of companies having the right level of cybersecurity expertise required in their organisation.

Fortunately, however, research shows that employees are proactively seeking digital reskilling opportunities amid market stagnation and economic downturn. In fact, more than three-quarters (79%) of UK employers have seen staff ask for digital upskilling and reskilling opportunities over the past twelve months. Encouragingly, this trend extends beyond the IT team – with 53% of nontechnical staff seeking cybersecurity reskilling opportunities, alongside 52% of IT staff.

In line with this, our 2025 Technology Trends report noted a marked increase in demand for cybersecurity learning materials. We have seen a significant rise in interest in top related skills, including machine learning (9.2%), AI (190%), GenAI (289%) and prompt engineering (456%). Additionally, access to learning materials about zero-trust security models, particularly around the implementation of strict authentication and access controls, increased by +13% year-on-year.

Collectively, these trends contribute to building a resilient workforce – specifically, one that can safeguard against emerging, more sophisticated threats – through upskilling rather than recruitment alone. So, what areas should businesses prioritise upskilling employees in? And how can they foster a culture of continuous learning to ensure preparedness across all levels and departments?

Today’s Threat Landscape

The nature of cyber threats has shifted dramatically in the last few years. Threat actors are leveraging advancements in GenAI to automate phishing campaigns, generate malicious code, and deploy convincing deepfakes. These tools lower the barrier to entry for less experienced hackers while amplifying the damage sophisticated attackers can inflict. This is significant when you consider that Gartner’s analysis found human errors account for almost 74% of all security breaches, with social engineering attacks exploiting the fact that humans are often the weakest link in security defences.

Meanwhile, vulnerabilities in software supply chains are an increasing concern. High-profile attacks on widely used libraries and dependencies highlight the need for greater vigilance in securing the development pipeline. As a result, learning resources on software supply chain security saw a 327% surge in 2024.

Additionally, the exploitation of poorly secured IoT devices has become a serious risk, as adoption continues to take off in industries like manufacturing, healthcare, and logistics. In the first five months of 2024 alone, security attacks on IoT devices surged by 107% compared to the same period in the previous year. These devices have become lucrative targets for cybercriminals to exploit weak authentication and outdated firmware to infiltrate networks, compromising operations and sensitive data.

Security has shifted from IT mandate to executive imperative, this is why continuous learning is a business-critical function.

Building A Robust Vontinuous Learning Strategy

The reality is static training programmes will fail to keep pace with today’s ever-changing threat landscape. Therefore, organisations must harness a continuous learning approach to ensure all employees – both IT teams and the wider business – are equipped to identify, mitigate, and respond to risks.

A continuous learning culture requires more than the occasional workshop or certification; it should foster curiosity and adaptability - empowering employees to take on new challenges, seek opportunities for growth and share their knowledge with others.  

So, how can organisations implement a continuous learning strategy without disrupting day-to-day operations? The answer lies in embedding cybersecurity learning directly into workflows and tailoring it to the unique needs of each team.

1.    Adopting “In the Flow of Work” learning: This form of learning enables employees to learn something new, apply it and quickly return to their work in progress. It is different from traditional learning approaches like attending a seminar or conference. These learning formats are effective, but many employees simply do not have the time to devote to them or they prefer to learn at a time that suits them best. 

On the other hand, ‘in the flow of work learning will provide staff with real-time access to high-quality learning content that addresses emerging threats and challenges at their point of need. A security analyst, for example, could quickly reference a tutorial on threat modelling during a live incident response or access a checklist for securing a Kubernetes cluster while deploying it. For best results, companies can offer ‘in the flow of work’ learning opportunities via an L&D partner, enabling staff across all levels and departments to access learning materials tailored to their unique learning style and objectives.
 
2.    Providing access to diverse learning modalities:  Different roles within an organisation require learning materials tailored to their unique level of expertise. Developers, for example, may need training on secure coding and dependency scanning, while non-technical teams might focus on phishing awareness and data protection practices. Offering diverse learning options, such as video tutorials, interactive labs, and virtual simulations, will enable every employee to learn in a way that resonates with them.

3.    Fostering a culture of shared knowledge:  Cybersecurity relies on specialists of every kind - CISOs, network systems administrators, cloud experts, and more - to achieve success. Organisations should encourage employees to share insights and best practices across teams, fostering a culture of collaboration. Regular knowledge-sharing sessions, gamified challenges, and cross-functional workshops can help embed cybersecurity awareness into the organisation’s DNA. At the same time, employees should prioritise cybersecurity-related L&D to make themselves an invaluable asset to their organisation – proactively identifying training opportunities that align with their unique learning style and objectives. 

At a time when bad actors are constantly diversifying their tactics, the most successful organisations will be those that prioritise the ongoing development of their people. Continuous learning is not just a defensive strategy, it is a pathway to innovation and growth.

This will be vital for companies to stay one step ahead while simultaneously unlocking the full potential of their workforce.

Alexia Pedersen is SVP International at O’Reilly

Image: Ideogram

You Might Also Read: 

Cyber Security Awareness Training For Management & Employees [extract]:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Protecting Digital Infrastructure Without Going Broke
What Apple's Standoff With The UK Government Means For Your Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Siepel

Siepel

Siepel manufactures high quality shielded rooms and anechoic chambers dedicated to TEMPEST, NEMP & HIRF.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Bowbridge

Bowbridge

Bowbridge provides anti-virus and application security solutions for SAP systems.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Norwest Venture Partners (NVP)

Norwest Venture Partners (NVP)

Norwest Venture Partners offer entrepreneurs a broad range of services to help them build their businesses at every stage of growth. Key sectors include AI, Infrastructure, SaaS and Security.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Securitybricks

Securitybricks

Securitybricks specialize in cloud security and compliance. Our mission is to automate regulatory compliance backed by human validation.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.