Layoffs hit Oracle Cloud teams in US, India, and Canada

Cybercriminals know something that many businesses are still learning: people remain the weakest link in any security system. Human error accounts for up to 95% of security breaches, making employees both the greatest vulnerability and the most powerful defence against cyber threats.

The government’s latest Cyber Security Breaches Survey reveals that half of all UK businesses experienced some form of cybersecurity breach in the last 12 months. For large businesses, this figure jumps to 74%. With the average cost of a data breach in the UK reaching £3.58 million, organisations can no longer afford to treat cybersecurity awareness training as a tick-box exercise.

Beyond traditional training

Traditional cybersecurity awareness programmes often fail because they treat employees as passive recipients of information. Workers sit through annual presentations, complete multiple-choice quizzes, and promptly forget most of what they learned. This approach fails to address the reality that different roles face different cyber risks.

Organisations should tailor training to specific job functions. Senior executives need awareness of whaling attacks where criminals impersonate trusted colleagues or business partners, while accounting staff require training on invoice fraud and payment redirection scams.

Employees should understand that cybercriminals actively research job roles on LinkedIn to craft convincing impersonation attacks. This targeted approach proves more effective than generic awareness sessions.

The power of gamification in building a security culture

Companies are increasingly opting for gamification to combat dull, outdated cybersecurity training. Here, gamification means using game elements like badges, points, leaderboards and real-time feedback to reinforce secure behaviour.

Staff might receive a fake phishing email and earn points for reporting it correctly. Those who fall for it get instant feedback and a chance to learn. It’s about building habits through repetition. Over time, employees start to spot threats faster and respond with more confidence.

Creating a cyber-aware workforce requires cultural change, not just training programmes. This means celebrating employees who report potential threats rather than criticising those who make mistakes. It means making security everyone’s responsibility, not just the IT department’s problem.

Industry events like the Cyber Security & Cloud Expo Europe provide valuable opportunities for security professionals to share best practices and learn about emerging threats. These gatherings highlight how collaboration between organisations strengthens everyone’s defences.

Around 76% of security leaders worry about the growing sophistication of cyber threats, and 72% consider themselves early adopters of technology to combat them. The focus on tools is clear, but many now recognise that technical solutions must be matched with investment in people.

Measuring success

Effective insider threat prevention requires continuous measurement and adjustment. Organisations track metrics like phishing simulation click rates, security incident reporting volumes, and employee confidence levels when handling suspicious communications.

The most successful programmes combine quantitative data with qualitative feedback. Regular surveys help identify knowledge gaps and cultural barriers that might prevent employees from following security protocols.

Companies are also measuring the business impact of their programmes. When employees become more vigilant, organisations see fewer successful attacks, reduced incident response costs, and improved regulatory compliance.

Building a human firewall demands a fundamental shift toward treating employees as active partners in cybersecurity defence. Organisations that invest in behavioural science, gamification, and real-time feedback create cultures where security awareness becomes second nature, transforming their greatest vulnerability into their strongest asset.

(Photo by Viktor Forgacs)

See also: Bouygues Telecom data breach exposes personal and banking details of 6.4 million customers

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.