Common Questions from Businesses Like Yours
What makes Cyber Rebels different from other cybersecurity training providers?
Most cybersecurity training focuses on information – what threats exist, what policies say, and what people should or should not do. The problem is that incidents do not happen in a training module. They happen in the middle of a normal working day, when something looks routine, feels urgent, or comes from someone familiar, and someone makes a quick decision to keep things moving.
Our training is built around those moments. We do not stop at explaining cyber risks. We help your team recognise them in context, understand why they feel convincing, and respond with better judgement without disrupting the work they are already trying to do. That is what makes the learning practical, live, and genuinely useful.
Why does cybersecurity training often fail to change behaviour?
Because knowledge and behaviour are not the same thing. Most people already know they should be careful. They know phishing exists, passwords matter, and sensitive data needs protecting. Incidents still happen because, under pressure, people are not usually making decisions in the neat conditions training assumes.
A request fits the task in front of them. The timing feels right. The sender seems familiar. Acting quickly feels reasonable. Training fails when it explains risk in theory but does not reflect how decisions are made in practice. Behaviour changes when people can recognise those situations earlier and understand what makes them persuasive in the first place.
Is this suitable for non-technical staff?
Yes. In many organisations, the people making the most important cyber decisions are not in technical roles. They are answering emails, sharing information, approving requests, handling customer or patient data, processing payments, or simply trying to keep day-to-day work moving.
Our training is designed for real working environments, not only for technical teams. It is clear, practical, and jargon-free, while still treating the issue seriously.
What does the training look like in practice?
The sessions are live, interactive, and built around recognisable situations rather than generic warnings. We explore how cyber risk appears in normal work – where something looks legitimate, feels routine, or arrives at exactly the wrong moment.
Through discussion, realistic scenarios, and practical examples, people work through how those decisions happen and what better judgement looks like in context. The aim is not to overload people with information. It is to help them handle real situations more clearly and more confidently.
Can the training be tailored to our business?
Yes. Tailoring is a core part of how we work. Before delivery, we take time to understand your environment, pressures, and priorities so the training reflects how decisions are actually made in your organisation.
That means the examples, scenarios, and discussion points are shaped around your working reality rather than pulled from a generic template. That is usually what makes the session feel relevant enough to stick.
How quickly will we see results?
Some shifts are visible straight away. People often leave with a clearer understanding of why certain situations feel convincing and where they are most likely to need to pause, verify, or question something sooner.
The more meaningful changes tend to show up over time in smaller everyday moments – a second check, an earlier question, or a pause where someone would previously have acted automatically. The biggest difference is usually not dramatic. It is more consistent judgement in the moments that matter.
How do you measure the impact of the training?
We look at impact through behaviour, confidence, feedback, and relevance to your environment. That can include participant feedback, discussion quality, follow-up conversations, phishing simulation outcomes where appropriate, and whether people are responding differently to everyday risk situations after the training.
The point is not to reduce everything to a completion metric. It is to understand whether the training is changing how people interpret and handle real situations in practice. Where needed, we can also discuss what meaningful measurement looks like for your organisation.
Will this slow our team down?
No. The aim is not to make people hesitant about everything they do. Good cybersecurity judgement is not about stopping work unnecessarily. It is about recognising the small number of moments that deserve a second look and responding proportionately.
In practice, that usually helps teams work more confidently, because they are clearer on when to proceed, when to verify, and when to escalate. The goal is better judgement, not friction.
Do you offer phishing simulations or testing?
Yes. We offer phishing simulations where they are appropriate to the organisation and the outcome you are trying to achieve. These are designed to provide useful insight into how people respond to realistic situations, not to catch people out for effect.
Used properly, they can show where risk is forming in practice and where further support or clarification may be needed. They work best as part of a broader learning approach rather than as a standalone exercise.
How much does cybersecurity training cost?
Cost depends on the type of session, the level of tailoring required, the delivery format, and the size of the group. We do not force organisations into a one-size-fits-all package when the environment, pressures, and expectations can vary significantly.
Once we understand what you need, we can recommend the most appropriate option and provide clear pricing. The aim is to make sure the training is useful and proportionate, not simply available.
How quickly can we book a session?
That depends on availability, the type of training you need, and how much tailoring is involved. Some sessions can be arranged relatively quickly, while others benefit from a little more preparation so the delivery reflects your organisation properly.
Once we understand your requirements, we can give you a realistic view of timescales and next steps. We would rather set that clearly from the start than rush something that needs more thought.
Are you insured and qualified to deliver cybersecurity training?
Yes. We hold appropriate insurance and bring professional experience in cybersecurity education, behaviour-led training, and real-world risk communication. We also work in environments where trust, safeguarding, and professional standards matter, so clarity around competence and responsibility is taken seriously.
If you need assurance information as part of your due diligence process, we are comfortable providing it.
Does this help with compliance (GDPR, Cyber Essentials, ISO 27001)?
Yes, but that is not where we stop. Many organisations need training that supports compliance requirements, and our sessions can absolutely contribute to wider obligations around staff awareness, data handling, and risk reduction.
But compliance on its own does not always change what happens in the moment a decision is made. Our approach helps bridge that gap by focusing on the behaviours and judgement that sit underneath those frameworks, so the training is useful for compliance and for everyday practice.
Is this just another awareness session?
No – and that distinction matters. Awareness tells people what to look out for. But in reality, most people already know phishing exists, passwords matter, and data is sensitive. Incidents still happen because awareness does not always translate into behaviour under pressure.
Our training focuses on how decisions are made in real situations, especially when people are busy, distracted, or trying to do the right thing quickly. We build confidence, not just knowledge, so people can act decisively when it matters.
Who is the training for?
The training is for people who make decisions in the flow of everyday work. That includes employees, managers, leadership teams, frontline staff, and non-technical teams who handle communication, information, access, finance, customer contact, or operational decisions.
In most organisations, cyber risk is shaped far beyond IT, so the training is designed to reflect that. We also tailor delivery depending on role, responsibility, and environment.
Do you work with specific industries or sectors?
Yes. We work across a range of sectors, particularly where trust, responsibility, and real-world judgement matter. That includes organisations such as schools, businesses, healthcare settings, and other environments where people are making decisions under pressure with limited time and incomplete information.
The common thread is not the sector label on its own. It is the reality of how work happens inside it. That is what the training is built around.
Do you offer online or in-person training?
Yes. We deliver training both online and on-site. Online sessions can be hosted by us or delivered through your own platform, depending on what works best for your organisation. On-site sessions are delivered in person and planned around your environment and practical requirements.
The important thing is that the delivery format fits how your organisation already works.
How long are the sessions?
Session length depends on the format and what you need the training to achieve. Some organisations want a shorter focused session, while others need a more in-depth workshop with more discussion and application built in.
We shape the delivery around your environment, priorities, and the level of depth required, so the time spent feels proportionate and useful rather than generic.
What if our team already knows the basics?
That is often exactly where the more useful work begins. Knowing the basics does not always mean people can apply them consistently under pressure. Many teams already understand the core messages, but still find that routine, urgency, familiarity, or shared responsibility shape decisions in ways that are hard to spot in the moment.
Our training is designed to move beyond basic awareness and into how judgement works in practice
We haven’t had a cyber incident — do we really need training?
Possibly, yes. The absence of a visible incident does not necessarily mean decisions are being made well in every area. In many organisations, small moments pass unnoticed because nothing obviously goes wrong afterwards.
That can create a false sense that the existing level of awareness is enough. Training is often most useful before something forces the issue, because it helps people recognise and handle those situations earlier.
Our IT provider already handles security — isn’t that enough?
IT support is essential, but it does not remove the need for human judgement. Many cyber incidents begin with a decision made by someone inside normal work – responding to a message, sharing information, approving a request, or acting quickly because something feels routine.
Those moments sit outside what technical controls can fully prevent on their own. Good security needs both technical protection and better decision-making in practice.
Do you offer ongoing support after the training?
Yes, where that is needed. Some organisations want a standalone session. Others want ongoing support, reinforcement, or additional work such as further sessions, phishing simulations, or follow-up guidance.
That depends on your environment and what level of support makes sense after the initial training. We can talk that through once we understand what you need.
How many people can attend a session?
That depends on the format, the level of interaction needed, and what will make the session work well. Some sessions are suited to larger groups, while others work better when numbers allow for more discussion and engagement.
We will always advise on what is likely to be most effective rather than just what is technically possible. The goal is not simply to fit people in. It is to make the session useful.
Do participants receive certificates?
Yes. We provide a certificate of completion for the organisation, and individual certificates can also be provided where required. That can be useful for internal records, staff development, or evidencing participation where needed.
How do we get started?
Usually, it starts with a conversation. We will talk through your organisation, what is prompting the enquiry, and whether training feels like the right next step. If it does, we can guide you through the next stage clearly and without pressure.
That way, you can decide what makes sense with a proper understanding of what the training would involve.
