Continuous Cybersecurity Learning Is Business-Critical

The cybersecurity landscape continues to evolve at an alarming pace. Last year, the global annual cost of a data breach reached US$4.88 million, a 10% increase from the previous year – and the largest annual rise since the pandemic. This year, organisations will encounter an array of emerging cyber threats, with attacks becoming more sophisticated, targeted, and damaging to business operations and reputation.

Yet, many companies lack the cybersecurity expertise needed to protect their organisation from increasingly sophisticated cyber threats.

In fact, the World Economic Forum revealed the cybersecurity skills gap has expanded 8% in the last year, with only 14% of companies having the right level of cybersecurity expertise required in their organisation.

Fortunately, however, research shows that employees are proactively seeking digital reskilling opportunities amid market stagnation and economic downturn. In fact, more than three-quarters (79%) of UK employers have seen staff ask for digital upskilling and reskilling opportunities over the past twelve months. Encouragingly, this trend extends beyond the IT team – with 53% of non-technical staff seeking cybersecurity reskilling opportunities, alongside 52% of IT staff.

In line with this, our 2025 Technology Trends report noted a marked increase in demand for cybersecurity learning materials. We have seen a significant rise in interest in top related skills, including machine learning (9.2%), AI (190%), GenAI (289%) and prompt engineering (456%). Additionally, access to learning materials about zero-trust security models, particularly around the implementation of strict authentication and access controls, increased by 13% year-on-year.

Collectively, these trends contribute to building a resilient workforce – specifically, one that can safeguard against emerging, more sophisticated threats – through upskilling rather than recruitment alone. So, what areas should businesses prioritise upskilling employees in? And how can they foster a culture of continuous learning to ensure preparedness across all levels and departments?

Today’s Threat Landscape

The nature of cyber threats has shifted dramatically in the last few years. Threat actors are leveraging advancements in GenAI to automate phishing campaigns, generate malicious code, and deploy convincing deepfakes. These tools lower the barrier to entry for less experienced hackers while amplifying the damage sophisticated attackers can inflict. This is significant when you consider that Gartner’s analysis found human errors account for almost 74% of all security breaches, with social engineering attacks exploiting the fact that humans are often the weakest link in security defences.

Meanwhile, vulnerabilities in software supply chains are an increasing concern. High-profile attacks on widely used libraries and dependencies highlight the need for greater vigilance in securing the development pipeline. As a result, learning resources on software supply chain security saw a 327% surge in 2024.

Additionally, the exploitation of poorly secured IoT devices has become a serious risk, as adoption continues to take off in industries like manufacturing, healthcare, and logistics. In the first five months of 2024 alone, security attacks on IoT devices surged by 107% compared to the same period in the previous year. These devices have become lucrative targets for cybercriminals, who exploit weak authentication and outdated firmware to infiltrate networks, compromising operations and sensitive data.

Security has shifted from an IT mandate to an executive imperative, which is why continuous learning is a business-critical function.

Building A Robust Continuous Learning Strategy

The reality is that static training programmes will fail to keep pace with today’s ever-changing threat landscape. Therefore, organisations must harness a continuous learning approach to ensure all employees – both IT teams and the wider business – are equipped to identify, mitigate, and respond to risks.

A continuous learning culture requires more than the occasional workshop or certification; it should foster curiosity and adaptability – empowering employees to take on new challenges, seek opportunities for growth and share their knowledge with others.

So, how can organisations implement a continuous learning strategy without disrupting day-to-day operations? The answer lies in embedding cybersecurity learning directly into workflows and tailoring it to the unique needs of each team.

1. Adopting “In the Flow of Work” learning: This form of learning enables employees to learn something new, apply it and quickly return to their work in progress. It is different from traditional learning approaches like attending a seminar or conference. These learning formats are effective, but many employees simply do not have the time to devote to them, or they prefer to learn at a time that suits them best.

On the other hand, ‘in the flow of work’ learning will provide staff with real-time access to high-quality learning content that addresses emerging threats and challenges at their point of need. A security analyst, for example, could quickly reference a tutorial on threat modelling during a live incident response or access a checklist for securing a Kubernetes cluster while deploying it. For best results, companies can offer ‘in the flow of work’ learning opportunities via an L&D partner, enabling staff across all levels and departments to access learning materials tailored to their unique learning style and objectives.
 
2. Providing access to diverse learning modalities: Different roles within an organisation require learning materials tailored to their unique level of expertise. Developers, for example, may need training on secure coding and dependency scanning, while non-technical teams might focus on phishing awareness and data protection practices. Offering diverse learning options, such as video tutorials, interactive labs, and virtual simulations, will enable every employee to learn in a way that resonates with them.

3. Fostering a culture of shared knowledge: Cybersecurity relies on specialists of every kind – CISOs, network systems administrators, cloud experts, and more – to achieve success. Organisations should encourage employees to share insights and best practices across teams, fostering a culture of collaboration. Regular knowledge-sharing sessions, gamified challenges, and cross-functional workshops can help embed cybersecurity awareness into the organisation’s DNA. At the same time, employees should prioritise cybersecurity-related L&D to make themselves an invaluable asset to their organisation – proactively identifying training opportunities that align with their unique learning style and objectives.

At a time when bad actors are constantly diversifying their tactics, the most successful organisations will be those that prioritise the ongoing development of their people. Continuous learning is not just a defensive strategy; it is a pathway to innovation and growth.

This will be vital for companies to stay one step ahead while simultaneously unlocking the full potential of their workforce.

Alexia Pedersen is SVP International at O’Reilly
