Cyber security awareness training for employees: how continuous training protects your business

More than 90 percent of all cyberattacks are caused by human error. An employee who opens a phishing email or forgets to change their password can quickly become a security risk to an organization. If your employees are not aware of these threats, your data and systems are at risk. There is an effective solution to this: information security training. Through these trainings, your employees can become valuable protectors of your data. The cost of training is negligible compared to the potential damage that can result from an attack. The German Federal Office for Information Security (BSI) also recommends regular awareness training for employees to ensure the company's IT security.

What Cyber Awareness is exactly

Cyber awareness refers to the awareness of users and employees about the dangers of cyber attacks to networks, devices and company data. To create security awareness, it is important to have an understanding of the potential threats that can arise from checking email, interacting online, or simply surfing the web. Cyber awareness includes both an understanding of information security and knowledge of potential cyber threats and the actions that can be taken to prevent them.

Why cyber security awareness training is important

46% of companies in Germany were the victim of a cyber attack at least once in 2022 (source: Statista)  and according to Bitkom, cyber attacks cause more than 203 billion euros in damage to the German economy. Attacks by cyber criminals are becoming more frequent, more professional and more dangerous. They exploit deficits in companies' IT security to gain access to sensitive data. One of the biggest vulnerabilities is people, or human error. In fact, about 80% of cyber attacks are due to employee misconduct, resulting from a lack of knowledge and security culture.

Cyber security awareness training an essential component of an organization's IT security strategy. It is important to bring all employees up to speed on IT security and ensure that everyone in the organization is using safe work practices. These measures can prevent security threats, some of which can cause significant damage and cost.

Was Ihnen Awareness Training der Mitarbeiter bringt

Your benefits of awareness training of employees

Through training, employees can learn how to perform their work in a secure environment. They learn, for example, how to recognize e-mails and links from "dubious" senders or how to keep passwords and other sensitive information safe. They also learn to watch out for suspicious activity on their network and how to act correctly in the event of a cyberattack.

Another important factor is compliance. Many industries have specific policies and regulations that companies must adhere to, including security standards and protecting personal information. Through cyber security awareness training, companies can ensure that their employees are aware of and adhere to these compliance policies, which helps maintain the integrity of the company.

Enhanced cyber security

Awareness training is an important component of an organization's cybersecurity strategy because it helps increase employee awareness and understanding of the importance of cybersecurity. Through training, companies can foster a positive security culture in which employees actively participate in the company's security and are committed to security compliance. This promotes trust with customers and reduces the likelihood of security breaches.

Improving safety culture in companies

Awareness Trainings sind ein wichtiger Bestandteil der Cyber-Sicherheitsstrategie von Unternehmen, da sie dazu beitragen, das Bewusstsein und Verständnis der Mitarbeiter für die Bedeutung von Cyber-Sicherheit zu erhöhen. Durch die Trainings können Unternehmen eine positive Sicherheitskultur fördern, in der sich die Mitarbeiter aktiv an der Sicherheit des Unternehmens beteiligen und sich für die Einhaltung von Sicherheitsrichtlinien engagieren. Dies fördert das Vertrauen bei Kunden und reduziert die Wahrscheinlichkeit von Sicherheitsverletzungen.

Avoidance of unnecessary costs

Increasing your employees' cyber security awareness not only helps minimize potential damage from cyber attacks, but can also help avoid unnecessary costs. A successful attack can result in significant financial damage, such as the loss of sensitive data or the disruption of business operations. However, if employees are trained on how to recognize attacks and respond to them in an emergency, measures can be taken quickly to minimize or even prevent the damage.

Awarenett of the team for DSGVO

Through awareness training, companies can ensure that their employees are informed about the compliance and GDPR regulations and handle personal data sensitively. This helps ensure that the company complies with the legal regulations and thus avoids potential legal consequences.

How awareness training doesn't become a chore

There are a variety of methods to deliver your awareness training, from one-time weekend seminars for the entire team to ongoing one-on-one online training. When choosing a training method, it is important to ensure that the training:

  • is not boring: By using humor and variety, what is learned is better absorbed and retained.
  • is easy to understand: If the topic is not communicated in an understandable way, this can lead to employees becoming discouraged and the learning effect failing to materialize.
  • is interactive: Participants should be actively involved in the training and encouraged to take action in order to increase learning success.
  • is not too extensive: It is better to convey content in small steps rather than presenting an extensive learning block.
  • takes place regularly: Awareness training is not a one-time project, but an ongoing process. Therefore, training should take place continuously so that your employees are always up to date and what they have learned is integrated into their daily routine
  • fits into the time management of individual employees, so that training can be "consumed" when it is most convenient and employees are ready for it.

By taking these factors into account, awareness training can be made more effective while avoiding it being perceived as a chore.

Mimecast Screenshot im Notebook

Why Mimecast Awareness Training works more effective

In general, employees often perceive training as burdensome because it requires time and energy and may not be directly applicable to their daily work. As a result, training becomes ineffective and what is learned is quickly forgotten. To ensure that the training content sticks with employees and can be applied in practice, GRTNR.IT relies on three success factors in Mimecast cyber security awareness training:

Humorous content

The serious (and often boring) topic of IT security is conveyed in a humorous and entertaining way to also make the participants laugh. As a result, employees remain focused during the training and intuitively absorb the content better.

Short units

Instead of long training sessions over several hours on weekends or after work, the content of the Mimecast awareness training is condensed into 3- to 5-minute sessions that employees can work on once a week. The short, humorous modules are "easy to digest" and provide a welcome change in the workday.


Some employees pose a greater risk than others due to their function or work. Therefore, it is important that companies do not design awareness training in a blanket manner for all employees, but rather specifically address the needs and risks of individual departments or employees. Mimecast offers customized training for this purpose, specifically tailored to the requirements of certain groups or roles. For example, employees in accounting or finance can be trained specifically on phishing attacks or CEO fraud, while employees in other departments receive more general training.

Risk assessment using personalized cyber risk score

With Mimecast, you have the option to have an individual risk assessment created for each employee. Based on anonymized test data and the employee's behavior, a predictive model is created that helps you identify your biggest security risks among your employees and provide tailored training.

Tests before and after trainings

After each training session, a test is administered to document the employees' progress in terms of their understanding and behavior. The tests are not only important for monitoring success, but also show employees their progress and achievements.

Awareness training covers important content

Mimecast provides you with training videos on a weekly basis. This provides you with regularly updated training material that adapts to the ever-changing threats. Content covers the top potential cybercrime threats, such as:

  • Passwords to help employees learn what strong passwords are and why personal passwords are the No. 1 security leak.
  • Privacy to illustrate how to handle personal information of customers, employees, vendors and other partners.
  • Phishing training to help employees recognize phishing attacks and show examples of what happens when phishing messages are opened.
  • Ransomware to show what types of ransomware exist and what they can do.
  • CEO Fraud Forms to learn about CEO fraud and how employees can recognize the fraudulent CEO.
  • Industrial hygiene shows employees the importance of securing their screen, desk, and files/documents.
  • Learning privacy policies and what data needs to be protected and how.
Awareness Training

5 key benefits of mimecast awareness training

Mimecast's awareness approach includes a comprehensive program:

Video modules

Less is more: Each training module takes less than 5 minutes to complete. The modules are video-based, engaging sessions that alert employees to potential threats. Topics such as phishing, ransomware, passwords, CEO fraud, information protection, insider threats, and compliance-related content are included in the program. Content is regularly updated to reflect the latest cyber findings.


Tests before and after the trainings show the development and progress. The tests are realistic and conclude each module.

More knowledge: Awareness before and after training

Phishing33,0 %81,2 %246 %
BYOD28,1 %86,6 %308 %
Social Media37,7 %80,1 %212 %
Passwords12,5 %54,6 %437 %
Inadvertent Disclosure18,6 %78,4 %421 %
Insider Threat17,8 %62,6 %345 %
Shadow IT26,7 %53,9 %202 %
Storage Devices34,5 %88,2 %256 %
Reporting Threats17,8 %62,6 %345 %
Tailgating27,9 %67,2 %241 %

Figure Awarenesss knowledge before and after training:

Funny stories in „hollywood-quality“

The awareness trainings developed by Mimecast are presented in the form of humorous stories about people to avoid boring lectures or safety briefings. The trainings in an entertaining form encourage the employees to quickly pick up and remember the content.

Simple dashboard

Mimecast awareness training can be controlled from a simple dashboard and integrated into any security infrastructure. All parts of your awareness training program can be controlled from a single platform.

Mimecast SAFE Score TM

Thanks to Mimecast, it is possible for the first time that a security benchmark can be performed: You can compare the human safety performance of your employees with that of other companies in the industry.

FAQs about Cyber Security Awareness Training

IT news straight to your inbox

Subscribe to the GRTNR newsletter now

Bodo Gärtner

Book your free digital consultation with Bodo Gärtner.

Make an appointment