Purchasing Annual Security Awareness Training

4 Tips for Purchasing Annual Security Awareness Training

Each year department directors must plan for a new fiscal year. This involves a mix of budget projections, an outlook of your departmental expenses, and the allocated approved amounts set for each itemized expense — including professional development. It can be a tedious undertaking to compare an assortment of security and cyber training options but investing in a truly valuable educational program can save you money in the long run.

When it comes to security training for your team, we must first acknowledge the importance of providing this type of education. Human error remains a leading cause of breaches and cyber-attacks, and both their frequency and their cost keep rising: the Hiscox 2022 Cyber Readiness Report shows the median cost of cyber-attacks rose 29% in the past year. Since the pandemic, many employees work either on a hybrid schedule or entirely remotely. This reality, or as some would call it, "the new normal," has greatly expanded the attack surface. Home networks, personal devices and a heavier reliance on email and collaboration tools give phishing and social engineering more room to succeed, and an employee who recognizes those attacks is often the last control standing.

As expected, and as part of our annual responsibility, training initiatives must be evaluated. In this case, the goal is to protect your company's data and finances by selecting the best security awareness program for your teams.


Here are four tips to guide you in selecting a valuable security awareness training program and in evaluating the effectiveness of each tool you consider.

1. Maintain Compliance

Depending on your sector, mandates exist that specify the training tools, assessments and reports needed to comply with regulations. These requirements are not optional. For example, HIPAA requires covered entities to safeguard protected health information, and GLBA requires financial institutions to safeguard customer financial information; both are federal laws, and both include workforce training among their required safeguards.

Another example now applies to all Florida government employees. Effective July 1, 2022, security awareness training is mandatory: House Bill 7055 requires state agencies and local governments to provide employee security awareness training annually and within the first 30 days of employment.

Do your research and find out how you will demonstrate compliance in your sector and within your company. Identify the training due dates, required reports and checkpoints you will need along the way, and confirm that the platform you choose can produce the completion records an auditor will ask for.

2. Segment Your Learners

Working with an array of technical competencies and assigning appropriate coursework can be a challenge, but it is an integral part of the process. To create an atmosphere of intentional learning, directors must prepare deliberately by identifying each participant's level of technological competency. Several prescriptive or diagnostic tools are available in which employees complete an online assessment designed to measure their security knowledge and cyber preparedness. The results of those assessments allow you to segment your learners into groups, and within each group you can assign coursework selected for that group's comprehension of the key topics you have identified.

Often the key topics are already prescribed for a group based on its sector or role at work. For example, PCI DSS (the Payment Card Industry Data Security Standard) applies to any organization that stores, processes or transmits cardholder data. Because purchases are completed through debit, credit, ATM, POS, prepaid and e-purse systems, sensitive payment data is constantly in transit, and the standard requires a formal security awareness program for the personnel who handle it, with training upon hire and at least annually, covering specified topics.

3. Analyze Your Budget

How much does a valuable educational package in security awareness cost? Let's first evaluate the platforms necessary to deliver cyber training. If your company already hosts an internal learning management system (LMS), then expect to spend less: the learning modules you purchase can usually be integrated with the LMS already in place, either as SCORM or xAPI packages or through an API connection.

If you need to package an LMS together with the selected security training modules, become familiar with the built-in features that let you perform several administrative functions at no additional cost.

Whether you need the LMS or not, both options are typically priced per user, so evaluate the size of your team. Larger companies often take advantage of a tiered pricing structure that lowers the per-user cost as the number of employees grows. Government clients also often receive discounted prices, since they typically work with limited budgets.

Get the most bang for your buck by purchasing bundled packages. If your projected expenses include penetration testing, social engineering assessments and network vulnerability assessments, then save money by purchasing those services together in one discounted bundle for the year. Start by reviewing a list of vendors that offer a range of cyber solutions.

4. Know Your LMS

Any learning tool, including an LMS, should never be presented as a one-size-fits-all product. The VARK model often cited in training design describes four learning preferences: Visual, Auditory, Read/Write, and Kinesthetic. Whatever the merits of that model, a mix of formats keeps learners engaged, so incorporate active learning components when selecting your tools. It is crucial to purchase lessons that deliver videos, audio files, activities, and quizzes.

Aside from those necessary materials, an effective and functional LMS must present a user-friendly experience by hosting a menu or dashboard that is easy to navigate, shows learning progress, engages learners, and keeps them motivated with certificates or badges of completion.

All directors should be granted administrative access to create separate groups, assign modules, review participant progress, customize rubrics, produce granular reports, modify roles, and enroll new employees. Grow familiar with these functions to make the best use of the tools available to you.

Annual Security Awareness Training with ERMProtect

At ERMProtect, our team performs deep-dive assessments of the cybersecurity posture of organizations, their vendors and / or merger targets. We identify gaps, prioritize improvements and help implement solutions. Click here to speak with a Security Awareness Training Expert.
