Continuous Cybersecurity Learning Is Business-Critical

The cybersecurity landscape continues to evolve at an alarming pace. Last year, the global annual cost of a data breach reached $US4.88 million, a 10% increase from the previous year – and the largest annual rise since the pandemic. This year, organisations will encounter an array of emerging cyber threats, with attacks becoming more sophisticated, targeted, and damaging to business operations and reputation.

Yet, many companies lack the cybersecurity expertise needed to protect their organisation from increasingly sophisticated cyber threats.

In fact, the World Economic Forum revealed the cybersecurity skills gap has expanded 8% in the last year, despite only 14% of companies having the right level of cybersecurity expertise required in their organisation.

Fortunately, however, research shows that employees are proactively seeking digital reskilling opportunities amid market stagnation and economic downturn. In fact, more than three-quarters (79%) of UK employers have seen staff ask for digital upskilling and reskilling opportunities over the past twelve months. Encouragingly, this trend extends beyond the IT team – with 53% of nontechnical staff seeking cybersecurity reskilling opportunities, alongside 52% of IT staff.

In line with this, our 2025 Technology Trends report noted a marked increase in demand for cybersecurity learning materials. We have seen a significant rise in interest in top related skills, including machine learning (9.2%), AI (190%), GenAI (289%) and prompt engineering (456%). Additionally, access to learning materials about zero-trust security models, particularly around the implementation of strict authentication and access controls, increased by +13% year-on-year.

Collectively, these trends contribute to building a resilient workforce – specifically, one that can safeguard against emerging, more sophisticated threats – through upskilling rather than recruitment alone. So, what areas should businesses prioritise upskilling employees in? And how can they foster a culture of continuous learning to ensure preparedness across all levels and departments?

Today’s Threat Landscape

The nature of cyber threats has shifted dramatically in the last few years. Threat actors are leveraging advancements in GenAI to automate phishing campaigns, generate malicious code, and deploy convincing deepfakes. These tools lower the barrier to entry for less experienced hackers while amplifying the damage sophisticated attackers can inflict. This is significant when you consider that Gartner’s analysis found human errors account for almost 74% of all security breaches, with social engineering attacks exploiting the fact that humans are often the weakest link in security defences.

Meanwhile, vulnerabilities in software supply chains are an increasing concern. High-profile attacks on widely used libraries and dependencies highlight the need for greater vigilance in securing the development pipeline. As a result, learning resources on software supply chain security saw a 327% surge in 2024.

Additionally, the exploitation of poorly secured IoT devices has become a serious risk, as adoption continues to take off in industries like manufacturing, healthcare, and logistics. In the first five months of 2024 alone, security attacks on IoT devices surged by 107% compared to the same period in the previous year. These devices have become lucrative targets for cybercriminals to exploit weak authentication and outdated firmware to infiltrate networks, compromising operations and sensitive data.

Security has shifted from IT mandate to executive imperative, this is why continuous learning is a business-critical function.

Building A Robust Vontinuous Learning Strategy

The reality is static training programmes will fail to keep pace with today’s ever-changing threat landscape. Therefore, organisations must harness a continuous learning approach to ensure all employees – both IT teams and the wider business – are equipped to identify, mitigate, and respond to risks.

A continuous learning culture requires more than the occasional workshop or certification; it should foster curiosity and adaptability - empowering employees to take on new challenges, seek opportunities for growth and share their knowledge with others.  

So, how can organisations implement a continuous learning strategy without disrupting day-to-day operations? The answer lies in embedding cybersecurity learning directly into workflows and tailoring it to the unique needs of each team.

1.    Adopting “In the Flow of Work” learning: This form of learning enables employees to learn something new, apply it and quickly return to their work in progress. It is different from traditional learning approaches like attending a seminar or conference. These learning formats are effective, but many employees simply do not have the time to devote to them or they prefer to learn at a time that suits them best. 

On the other hand, ‘in the flow of work learning will provide staff with real-time access to high-quality learning content that addresses emerging threats and challenges at their point of need. A security analyst, for example, could quickly reference a tutorial on threat modelling during a live incident response or access a checklist for securing a Kubernetes cluster while deploying it. For best results, companies can offer ‘in the flow of work’ learning opportunities via an L&D partner, enabling staff across all levels and departments to access learning materials tailored to their unique learning style and objectives.
 
2.    Providing access to diverse learning modalities:  Different roles within an organisation require learning materials tailored to their unique level of expertise. Developers, for example, may need training on secure coding and dependency scanning, while non-technical teams might focus on phishing awareness and data protection practices. Offering diverse learning options, such as video tutorials, interactive labs, and virtual simulations, will enable every employee to learn in a way that resonates with them.

3.    Fostering a culture of shared knowledge:  Cybersecurity relies on specialists of every kind - CISOs, network systems administrators, cloud experts, and more - to achieve success. Organisations should encourage employees to share insights and best practices across teams, fostering a culture of collaboration. Regular knowledge-sharing sessions, gamified challenges, and cross-functional workshops can help embed cybersecurity awareness into the organisation’s DNA. At the same time, employees should prioritise cybersecurity-related L&D to make themselves an invaluable asset to their organisation – proactively identifying training opportunities that align with their unique learning style and objectives. 

At a time when bad actors are constantly diversifying their tactics, the most successful organisations will be those that prioritise the ongoing development of their people. Continuous learning is not just a defensive strategy, it is a pathway to innovation and growth.

This will be vital for companies to stay one step ahead while simultaneously unlocking the full potential of their workforce.

Alexia Pedersen is SVP International at O’Reilly

Image: Ideogram

You Might Also Read: 

Cyber Security Awareness Training For Management & Employees [extract]:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Protecting Digital Infrastructure Without Going Broke

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

KPN Security

KPN Security

KPN Security is the largest and most complete provider of IT security services in the Netherlands.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

Qasky

Qasky

Anhui Qasky Quantum Technology Co. Ltd. (Qasky) is a new high-tech enterprise engaged in quantum information technology industrialization in China.

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Difenda

Difenda

Difenda Shield is a fully integrated and modular cybersecurity suite that gives your organization the agility it needs to implement a world-class cybersecurity system.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.

Yondu

Yondu

Yondu empowers businesses across various industries through a wide array of innovative technology solutions to help them scale in the new digital economy.