
How your eLearning Strategy Can Help Avert a Cyberattack

Charles Ross

Snr. Solution Specialist

I just googled how much M&S lost following its recent cyber-attack and it’s around £300 million in operating profits.  Harrods and the Co-op also suffered damage to their bottom-line.

The threats to organisations posed by cybercrime never seem to be out of the headlines. We hear about new mind-bending examples of attacks using deepfake technology that feel straight out of an episode of Black Mirror. And scarily, the threat from hostile countries is growing bigger in our rear-view mirror.

So what can we do to combat cyber attacks (other than hide under our desks)?

According to the UK Government’s 2025 Cyber security breaches survey, 43% of businesses and 30% of charities experienced a cybersecurity breach or attack in the past year. For medium and large businesses, that jumps to 67% and 74% respectively.

These high numbers are of little surprise, but buried beneath the data in the survey are two eyebrow-raising stats:  

  • 30% of large businesses and 43% of medium-sized businesses still do not have a formal cyber security strategy in place.   
  • 24% of large businesses and 46% of medium-sized businesses do not provide any staff training and awareness around cyber security.

This means training and awareness are a critical part of any cyber security strategy.

UK government data shows 85% of business cyber incidents involve phishing, and other studies report that 95% of 2024 breaches were caused by user mistakes.

As demonstrated with the M&S attack, the vast majority of cyber breaches stem from human error – often because an employee is caught off guard or is tricked into divulging important.

Techniques for ‘tricking folk’ have become even more sophisticated – especially with the rise of AI. The usual tell-tale signs of typos and badly-formed sentences in scamming emails are largely eliminated with AI assistance. And now voice phishing, or vishing, is a thing – where deep fake voice mimicking is being used to impersonate legitimate individuals, typically to extract sensitive data or authorise fraudulent financial transactions.

Cyber awareness training is therefore more important than ever. It equips employees to recognise risks, respond appropriately to incidents, and support compliance.

While cyber defence strategies vary, training is the foundation that enables everything else, from change management to simulations and reporting. Without it, your defences are only as strong as your least-prepared team member.

8 Ways You Can Make your Cyber Security Learning More Effective  

1. Extend Cyber Security Training to Suppliers and Third Parties

I’m making this my #1 tip because of what happened to M&S. Suppliers, contractors, and outsourced teams often have access to your data and systems, yet they may not be included in your training programme. In short, if they’re involved in your operations, they should be part of your cybersecurity culture too.

In the case of the M&S cyber-attack, M&S said that ‘threat actors’ had gained access to the retailer’s systems through one of its contractors. The clothing, food and homeware retailer confirmed the hackers used ‘social engineering’ techniques to attack them, such as posing as a staff member to fool the help desk into giving away passwords.

However, training access for non-employees isn’t always straightforward, especially if giving access to people outside of your network causes security concerns in itself.

2. Don’t Neglect Frontline and Remote Staff

Similar to the above, your frontline workers may not seem like obvious cyber targets, but their trusted relationships across the business make them prime candidates for social engineering attacks.

These users are often excluded from standard cybersecurity training, as they may not have a logon to your corporate system, or easy and secure access to your learning platform.

Providing alternative and easily accessible training on identifying and dodging cyber-security threats to the people on your ‘shop floor’ is therefore key.

3. Update your cyber security training regularly

The next biggest challenge by my reckoning is keeping up with the criminals.

New vulnerabilities and increasingly sophisticated and audacious attacks are emerging daily.

AI is only going to make that evolution even more rapid.

As I said in my intro, what previously would have been a text-based scam may now use voice simulation to fake a spoken request from the MD to the FD to make a payment to a scammer’s account.

Your training must therefore be reviewed and updated on a regular basis.

4. Avoid generic cyber security learning

Many organisations lean on third-party content to drive cybersecurity awareness.

Some of the courses are excellent and are a valuable investment. However, such training can be generic and lack organisational context, making it less relevant to your specific line of business and therefore less impactful. 

If you can, your training should include specific examples of scams that might occur that are relevant to your business.

You will also likely want to target different learning to different roles – new starters, customer-facing staff or those working remotely – but this may not be possible with ‘off-the-shelf’ training.

Technical roles will also need access to more specialist, deeper learning on thwarting cyber attacks, but arguably this training can take advantage of off-the-shelf content. Dare I say (plug alert) there’s additional third-party software you can use to ensure you have all your ‘drawbridges up’.

5. Be able to track security learning completion

The ability to track learning completion is essential for any organisation looking to reduce cyber risks – not just for those needing to meet the security assurances of frameworks like ISO 27001, customers or other external bodies.

In the aftermath of M&S, there are no doubt some key stakeholders in your organisation who have a vested interest in knowing their workforce – and partners – are getting properly trained, and who are keen to keep track of progress in the form of a regular update to ‘the board’ or highly visible dashboards.

6. Avoid ‘Tick-Box’ Learning

Most employees roll their eyes when it comes to mandatory learning. It’s usually dreary and dry, and it becomes a tick-box exercise.

Many will feel they’ve already ‘done this before’ and skip through it, risking missing critical updates or changes in policy and ‘new hacks’.

Making your training convenient, bite-sized and engaging is therefore essential if you want to make real behavioural change.

It’s not just about completing training, either. Being able to prove the learner has actually understood the content is essential. This is typically done with quizzes, but you may also want to stage some ‘dummy’ phishing attempts – see later in this article.

7. Unify Your Learning Delivery

In many organisations, learning can be fragmented across different systems and providers.

For example, if you have a Microsoft 365 E5 licence or Microsoft Defender, your IT team might be keen to deliver attack simulation training.

If cybersecurity training is also part of your L&D team’s remit, this can lead to duplicated efforts, missed updates, and a disjointed experience for users.

This fragmented approach also makes it harder to deliver consistent messages or track progress effectively.

TIP: Discover how to link Microsoft’s attack simulation training with your learning platform.

8. Align Training with Broader Cybersecurity Initiatives

Cybersecurity isn’t just an IT issue – it’s a cross-functional effort involving policies, communications, and technical changes. Learning should reinforce these, not contradict or overlook them.

If your training isn’t aligned with your comms or incident processes, users may get mixed messages, or worse, fail to take the right action when it matters most.

How an LMS Can Improve Cyber Security Training

Investing in a learning management system (LMS) and making that the centre of your cyber security awareness program will overcome many of the challenges listed above.

Virtually every one of our clients who has implemented Learn365 (our LMS of choice which integrates with Microsoft 365) is using it for cyber security training. 

In fact, the obvious need for cyber security learning represents an excellent opportunity to make a solid business case for acquiring an LMS, and on several occasions this has been the trigger for a buying decision.

Here are just some of the ways that an LMS – and specifically Learn365 – makes cyber security training more effective, helping to prevent data breaches and reducing the chance of an attack:

Delivering secure cyber-security training for suppliers & partners

Let’s prioritise the M&S scenario again: their attack ostensibly targeted a contractor, which makes delivering your company’s ‘base line’ cyber-security training to an external audience critical.

An important aspect of Learn365 is that it builds on the security already built into Microsoft 365. This makes it possible to deliver learning – safely and securely – to users outside of your organisation – i.e., guest users.

NHS Informatics Merseyside is a great example. They use Learn365 to deliver a secure online training portal to health and care partners across the region.

By taking advantage of Microsoft 365’s trusted identity and guest access controls, external users are able to self-register and complete mandatory training – all within a system designed to meet high security standards.

Convenient security training for frontline workers 

As we mentioned earlier, it’s often the people on the periphery of your systems who can become an unexpected gateway for cyber threats. This includes partners but also direct employees that perhaps don’t have access to a dedicated user account because they’re working on the ‘shop floor’ or ‘in the field’.

Their trusted relationships and day-to-day personal interactions make such workers prime targets for social engineering, often opening the door to attacks without even realising it.

A solution like Flow365 (part of the Learn365 suite) can also effectively and securely deliver training to your frontline workforce, either through a mobile app or within the Microsoft Teams app, allowing them full access to eLearning within the system.

Check out our Flow365 demo video.

The ability to create and update ‘tailored’ learning at speed 

As we said earlier, the cyber threat landscape is changing rapidly. Here’s how an LMS can help:

Ability to create a bespoke training package: Your LMS should allow you to build a course that adds more context to your cyber security learning, for example:

  • GENERIC COURSE: What is a phishing scam? Etc.
  • COMPANY SPECIFIC TRAINING: How to report a phishing scam in our organisation.
  • COMPANY SPECIFIC QUIZ

Fast content creation by non-L&D staff: For example, Learn365 makes it easy for anyone (not just the L&D team) to create content.

This means your cyber security team could add an urgent learning update without the help of your L&D team. 

Embedding learning into everyday workflows and communications 

Getting engagement with eLearning – on any subject – is a challenge.

To help improve engagement – a good LMS should allow you to embed learning into everyday workflows – avoiding the need to switch to a different system, and enabling bite-sized, context-sensitive learning.

As Learn365 is integrated with Microsoft 365 and Teams, all cyber security learning takes place where employees are actually working, and it can also be integrated into Teams notifications, Teams conversations and emailed reminders.

It can also be embedded in your enterprise SharePoint intranet.

Making cyber-security learning consistent with other learning 

An LMS lets you bring the majority of your learning into one place, making it easier for employees to keep track of mandatory learning and providing a less fragmented and frustrating experience.

This helps adoption and take-up of learning and also ensures you can provide a more consistent and standardised high level of training to drive cyber awareness.   

Targeting training to users 

A good LMS must also have the ability to target different training to different groups as required.

Learn365 is particularly good at this. As well as syncing with a range of data sources such as your HRIS, you can use existing Microsoft 365 groups to govern targeting.

This means you can establish the base cyber safety training everyone needs to know about, and then enrol other people into role-specific learning.

Tracking progress and meeting your security compliance remit 

Being able to track cybersecurity learning and report on it is essential for raising awareness and meeting compliance obligations – especially where annual security certifications or policy renewals are required. For example, Essential has an annual remit to meet its UK government-based security certification: Cyber Essentials.

A robust LMS like Learn365 has the granular reporting you need on cyber-security learning, as well as related capabilities such as enabling ‘employee attestation’ where users confirm they have read and understood a cyber security policy or successfully passed quizzes related to cyber-security.

As Learn365 is integrated with Microsoft 365 you can also integrate all these numbers into Power BI-based dashboards, publishing key facts and figures to all key cyber security stakeholders in your organisation.

Flexibility (clever stuff)

Another strength of an LMS like Learn365 is its flexibility. Because it’s built into Microsoft 365, you can go beyond simply delivering courses – you can create smart, security-focused workflows that can be used to support your cyber defence strategy.

For example, using Power Automate, you could make completion of cybersecurity training a prerequisite for system access – such as delaying Microsoft 365 account provisioning until training is completed as a guest user. This kind of intelligent integration helps ensure users are equipped and aware before they gain access to your environment.

Reducing the cost of training

As well as being able to generate training content more quickly and easily, having a single, centralised LMS means you can rationalise learning content.

Having multiple learning suppliers for your cyber security training course content means you can be looking at significant costs, particularly if you are using different suppliers across different locations.

By all means, get in touch if you want to get some ballpark pricing!
