Reputational damage
Clients, recruits, and partners may lose confidence in an organisation that cannot safeguard information.
Modern attacks target both technology and human behaviour. This training explains how to recognise common threats, protect company information, and respond quickly when something goes wrong.
Average global cost of a data breach in 2025
IBM Cost of a Data Breach 2025Breaches involving ransomware in 2025
Verizon DBIR 2025Reported Business Email Compromise losses in 2025
FBI IC3 2025Average annual insider-risk cost per organisation
CISA Insider Threats 101Breaches involving the human element
Verizon DBIRSecurity incidents can damage trust, interrupt operations, expose information, and create substantial financial and regulatory consequences.
Clients, recruits, and partners may lose confidence in an organisation that cannot safeguard information.
Attackers may commit fraud, interrupt operations, or make important systems unavailable.
Data breaches can trigger serious regulatory action, including substantial GDPR penalties.
Exposed credentials may allow attackers to extract, manipulate, destroy, or block access to data.
General information: Ransomware is malicious software that blocks access to files, systems, or networks and demands payment for restoration. Modern attacks often combine encryption with data theft, meaning the victim may face both operational shutdown and the threat of public data exposure. Infection can begin through a malicious attachment, unsafe download, compromised website, stolen account, or unpatched system.
FBI IC3 recorded more than 3,600 ransomware complaints and over $32 million in directly reported losses in 2025. Complaint totals do not fully capture business interruption, recovery specialists, replacement equipment, legal work, lost customers, or ransom payments handled outside IC3 reporting.
Document.pdf.scr.General information: Social engineering attacks exploit trust, authority, fear, urgency, curiosity, or routine business processes. Instead of breaking technical controls directly, the attacker persuades a legitimate user to click, disclose, approve, pay, or grant access. Phishing may arrive through email, SMS, voice calls, social media, collaboration platforms, or fake login pages.
The FBI has documented more than $55 billion in global exposed BEC losses from October 2013 through December 2023. IBM’s 2025 breach research also identified phishing as the most common initial vector, accounting for 16% of studied breaches and averaging about $4.8 million per incident.
Messages impersonate trusted people or organisations. Whaling targets executives and senior decision-makers.
Attackers imitate colleagues, managers, vendors, or finance contacts to redirect payments or obtain information.
False rewards or alarming warnings pressure victims into downloading software, paying money, or sharing access.
Check for unknown senders, unusual behaviour, and look-alike domains.
Watch for strange sending times or unrelated recipient groups.
Treat unexpected files, irrelevant subjects, and fake reply threads as suspicious.
Hover over links and confirm the true destination before clicking.
Urgency, threats, rewards, generic greetings, and emotional pressure are red flags.
General information: An insider threat exists when a person with authorised access, trusted knowledge, or physical proximity creates harm. The person may be an employee, contractor, former worker, supplier, or partner. The event may be deliberate, accidental, or caused by someone knowingly bypassing policy for convenience.
That included 19% attributed to mistakes and 8% to misuse. IBM’s 2025 global benchmark placed the average breach cost at $4.44 million, illustrating the potential financial scale when an internal error or misuse exposes sensitive information.
Intentional theft, sabotage, fraud, espionage, or deliberate disclosure.
Clicking a phishing link, sending information to the wrong person, or losing equipment.
Knowingly bypassing policy for convenience without intending to cause harm.
General information: Identity attacks focus on passwords, authentication prompts, recovery details, browser sessions, and trusted devices. A stolen password may be reused automatically against many services, while an attacker with a stolen session cookie can sometimes continue as an already authenticated user without seeing another MFA prompt.
Credential abuse, phishing, stolen browser sessions, and weak recovery settings can turn one compromised identity into access across email, cloud storage, finance systems, and customer platforms.
A stolen session cookie may allow an attacker to bypass the normal username, password, and MFA prompts because the service sees an already authenticated session.
General information: A man-in-the-middle attack occurs when an attacker intercepts or alters communication between two parties that believe they are communicating directly. The attacker may use a rogue wireless network, compromised router, fake certificate warning, poisoned DNS response, cloned website, or a look-alike participant inserted into an email conversation.
FBI IC3 recorded about $3 billion in BEC losses in 2025, while IBM’s 2025 global average breach cost was $4.44 million. An attacker who intercepts a supplier conversation or captures credentials on a fake network may redirect a legitimate transfer or enter systems as the victim.
Treat public hotspots as unsafe. Avoid sensitive work or use the approved VPN when necessary.
Check the browser address bar before entering credentials. A realistic design does not prove a page is legitimate.
Attackers may enter an active conversation using an address with a one-character domain change.
General information: Cybersecurity depends on physical behaviour as much as software. An unlocked laptop, visible password, discarded document, unattended printout, or lost storage device can bypass strong technical controls. Physical access may also let an attacker connect unauthorised equipment, photograph confidential information, or use an already authenticated session.
IBM’s 2025 benchmark placed the average global data-breach cost at $4.44 million. Verizon’s EMEA findings attributed 19% of breaches to mistakes, a category that can include misdelivery, accidental exposure, and failures to protect information or equipment.
Information that can identify, locate, or distinguish a person, such as names, addresses, passport numbers, and biometric data.
Identifiable health or medical information protected under applicable privacy rules.
Tax return, payment, and processing information subject to strict controls.
Payment-card information including card numbers, cardholder details, expiry dates, and security codes.
Loss figures are based on reported incidents and research samples. Actual organisational impact may include downtime, legal costs, response services, lost customers, regulatory action, and reputational damage that are not fully captured in complaint totals.