Continuous Cybersecurity Learning Is Business-Critical

The cybersecurity landscape continues to evolve at an alarming pace. Last year, the global annual cost of a data breach reached $US4.88 million, a 10% increase from the previous year – and the largest annual rise since the pandemic. This year, organisations will encounter an array of emerging cyber threats, with attacks becoming more sophisticated, targeted, and damaging to business operations and reputation.

Yet, many companies lack the cybersecurity expertise needed to protect their organisation from increasingly sophisticated cyber threats.

In fact, the World Economic Forum revealed the cybersecurity skills gap has expanded 8% in the last year, despite only 14% of companies having the right level of cybersecurity expertise required in their organisation.

Fortunately, however, research shows that employees are proactively seeking digital reskilling opportunities amid market stagnation and economic downturn. In fact, more than three-quarters (79%) of UK employers have seen staff ask for digital upskilling and reskilling opportunities over the past twelve months. Encouragingly, this trend extends beyond the IT team – with 53% of nontechnical staff seeking cybersecurity reskilling opportunities, alongside 52% of IT staff.

In line with this, our 2025 Technology Trends report noted a marked increase in demand for cybersecurity learning materials. We have seen a significant rise in interest in top related skills, including machine learning (9.2%), AI (190%), GenAI (289%) and prompt engineering (456%). Additionally, access to learning materials about zero-trust security models, particularly around the implementation of strict authentication and access controls, increased by +13% year-on-year.

Collectively, these trends contribute to building a resilient workforce – specifically, one that can safeguard against emerging, more sophisticated threats – through upskilling rather than recruitment alone. So, what areas should businesses prioritise upskilling employees in? And how can they foster a culture of continuous learning to ensure preparedness across all levels and departments?

Today’s Threat Landscape

The nature of cyber threats has shifted dramatically in the last few years. Threat actors are leveraging advancements in GenAI to automate phishing campaigns, generate malicious code, and deploy convincing deepfakes. These tools lower the barrier to entry for less experienced hackers while amplifying the damage sophisticated attackers can inflict. This is significant when you consider that Gartner’s analysis found human errors account for almost 74% of all security breaches, with social engineering attacks exploiting the fact that humans are often the weakest link in security defences.

Meanwhile, vulnerabilities in software supply chains are an increasing concern. High-profile attacks on widely used libraries and dependencies highlight the need for greater vigilance in securing the development pipeline. As a result, learning resources on software supply chain security saw a 327% surge in 2024.

Additionally, the exploitation of poorly secured IoT devices has become a serious risk, as adoption continues to take off in industries like manufacturing, healthcare, and logistics. In the first five months of 2024 alone, security attacks on IoT devices surged by 107% compared to the same period in the previous year. These devices have become lucrative targets for cybercriminals to exploit weak authentication and outdated firmware to infiltrate networks, compromising operations and sensitive data.

Security has shifted from IT mandate to executive imperative, this is why continuous learning is a business-critical function.

Building A Robust Vontinuous Learning Strategy

The reality is static training programmes will fail to keep pace with today’s ever-changing threat landscape. Therefore, organisations must harness a continuous learning approach to ensure all employees – both IT teams and the wider business – are equipped to identify, mitigate, and respond to risks.

A continuous learning culture requires more than the occasional workshop or certification; it should foster curiosity and adaptability - empowering employees to take on new challenges, seek opportunities for growth and share their knowledge with others.  

So, how can organisations implement a continuous learning strategy without disrupting day-to-day operations? The answer lies in embedding cybersecurity learning directly into workflows and tailoring it to the unique needs of each team.

1.    Adopting “In the Flow of Work” learning: This form of learning enables employees to learn something new, apply it and quickly return to their work in progress. It is different from traditional learning approaches like attending a seminar or conference. These learning formats are effective, but many employees simply do not have the time to devote to them or they prefer to learn at a time that suits them best. 

On the other hand, ‘in the flow of work learning will provide staff with real-time access to high-quality learning content that addresses emerging threats and challenges at their point of need. A security analyst, for example, could quickly reference a tutorial on threat modelling during a live incident response or access a checklist for securing a Kubernetes cluster while deploying it. For best results, companies can offer ‘in the flow of work’ learning opportunities via an L&D partner, enabling staff across all levels and departments to access learning materials tailored to their unique learning style and objectives.
 
2.    Providing access to diverse learning modalities:  Different roles within an organisation require learning materials tailored to their unique level of expertise. Developers, for example, may need training on secure coding and dependency scanning, while non-technical teams might focus on phishing awareness and data protection practices. Offering diverse learning options, such as video tutorials, interactive labs, and virtual simulations, will enable every employee to learn in a way that resonates with them.

3.    Fostering a culture of shared knowledge:  Cybersecurity relies on specialists of every kind - CISOs, network systems administrators, cloud experts, and more - to achieve success. Organisations should encourage employees to share insights and best practices across teams, fostering a culture of collaboration. Regular knowledge-sharing sessions, gamified challenges, and cross-functional workshops can help embed cybersecurity awareness into the organisation’s DNA. At the same time, employees should prioritise cybersecurity-related L&D to make themselves an invaluable asset to their organisation – proactively identifying training opportunities that align with their unique learning style and objectives. 

At a time when bad actors are constantly diversifying their tactics, the most successful organisations will be those that prioritise the ongoing development of their people. Continuous learning is not just a defensive strategy, it is a pathway to innovation and growth.

This will be vital for companies to stay one step ahead while simultaneously unlocking the full potential of their workforce.

Alexia Pedersen is SVP International at O’Reilly

Image: Ideogram

You Might Also Read: 

Cyber Security Awareness Training For Management & Employees [extract]:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Protecting Digital Infrastructure Without Going Broke

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

TotalAV

TotalAV

TotalAV Antivirus is a free-to-use app packed with all the essential features to find and remove malware, keeping you safe.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Invictus International Consulting

Invictus International Consulting

Invictus International Consulting are a recognized leader in full-spectrum cyber technology solutions designed to protect the security of our nation's global defense and critical infrastructure.

Amtivo Ireland

Amtivo Ireland

Amtivo Ireland (formerly Certification Europe and EQA) offers a range of certifications and related services.

SUCCESS Computer Consulting

SUCCESS Computer Consulting

SUCCESS Computer Consulting is a leader in managed IT and security services for small and medium-sized businesses in Minneapolis, St. Paul, and the surrounding Twin Cities Metro area.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.