Cyber Security Awareness
Cyber security training for UK financial services that equips staff to be the first line of defence against phishing, ransomware and social engineering.
Want this course for your team?
See it in action and get pricing tailored to your firm and learner numbers.
Request a demoWhat is cyber security awareness and why does it matter?
Cyber security awareness is the practical knowledge staff need to spot and stop threats like phishing, ransomware and social engineering. It matters because the overwhelming majority of incidents involve a human element, such as a click on a malicious link or a reused password, and technology alone cannot keep a firm safe.
Who needs cyber security awareness training?
All employees need cyber security training, because attackers increasingly target people directly rather than well-configured systems. A single deceived member of staff can open the door to an incident that disrupts services and exposes customer data. Building awareness across the whole workforce is one of the most cost-effective security controls a regulated firm can deploy.
What does cyber security awareness training cover?
The training focuses on behaviour, not jargon. Staff learn to recognise phishing, smishing and social-engineering attempts and apply good password and multi-factor authentication (MFA) practice. Learners can handle data and devices securely, including when working remotely, and report a suspected incident quickly so the firm can respond before damage spreads.
What do the FCA and PRA expect from cyber security?
For UK regulated firms, strong cyber awareness supports wider obligations, including the operational resilience expectations of the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA), and the duty to protect personal data under the UK GDPR. Trained staff reduce the chance of incidents that disrupt important business services or trigger breach reporting and regulatory scrutiny.
What your team will learn
- Recognise phishing, smishing and social-engineering attempts
- Apply good password and authentication practice
- Handle data and devices securely, including when remote
- Identify how to report a suspected security incident
What's included
- ~20 min of focused, scenario-based learning
- CPD accredited (CII)
- Built-in quiz with a configurable pass mark
- Reviewed and kept current with UK regulation
- Time-stamped completion records for your audit trail
How it works
-
Assign it in seconds
Enrol a team, a role or your whole firm from the CityREPORTS dashboard, with automated reminders that chase completion for you.
-
Your team completes it
Learners work through the course at their own pace on any device, finishing with a short assessment that demonstrates understanding.
-
Evidence it to the regulator
Every completion is time-stamped and retained, so you can prove the right people did the right training at any moment.
Frequently asked questions
- Who needs cyber security awareness training?
- All employees need cyber security awareness training, because the overwhelming majority of incidents involve a human element, such as a click on a malicious link, a reused password or a convincing impersonation. Building awareness across the whole workforce is one of the most cost-effective security controls a regulated firm can put in place.
- What is phishing?
- Phishing is an attempt to trick someone into revealing information, credentials or money, or into installing malware, usually through a fake email, message or website that appears legitimate. Variants include smishing (by text) and vishing (by phone). Recognising the warning signs and reporting suspected attempts quickly is a core training outcome.
- How does cyber security training support FCA compliance?
- Strong cyber awareness supports wider UK regulatory obligations, including the FCA and PRA's operational resilience expectations and the duty to protect personal data under the UK GDPR. Trained staff reduce the likelihood of incidents that could disrupt important business services or trigger data breach reporting and regulatory scrutiny.
- How often should cyber security training be refreshed?
- There is no fixed statutory interval, but because threats evolve constantly, an annual refresher is the common standard, often supported by ongoing awareness activity such as simulated phishing. Training should also be updated when new attack techniques emerge so staff stay alert to the methods criminals are actually using.
Related courses
Data Protection (UK GDPR)
Data protection training for UK firms: a practical grasp of the UK GDPR, lawful processing, data subject rights and breach response.
Fraud Prevention
Fraud prevention training for UK firms, helping staff identify, prevent and report fraud, including authorised push payment (APP) and social engineering.
Operational Resilience
Operational resilience training for UK firms covering the FCA/PRA framework, important business services, impact tolerances and each team's role.