Transform Your Workforce from Risk to Resilience
Human error is a factor in an estimated 82% of breaches, yet security awareness programs often fail to change behavior. Qatalis Targeted Training uses continuous exposure monitoring to identify your organization’s actual weak points and deliver personalized training exactly where it’s needed, not generic courses everyone ignores.
Benefits: Why Training Must Be Targeted, Not Generic
Address Your Real Vulnerabilities, Not Generic Threats
Most security awareness training covers the same topics for everyone: phishing, password hygiene, social engineering. But if your organization’s actual exposures come from misconfigured cloud storage, supply chain vendor access, or mobile device security, generic training wastes time and budget. Targeted Training analyzes your organization’s detected exposures and delivers role-specific content addressing the threats you actually face.
Regulatory Training Requirements Made Simple
Hong Kong Cap. 653 (the Protection of Critical Infrastructures (Computer Systems) Ordinance) requires critical infrastructure operators (CIOs) to demonstrate that staff training and awareness programs are in place and effective. EU DORA requires financial entities to run ICT security awareness programmes and digital operational resilience training for staff and management, and to evidence them. Targeted Training automatically generates completion records, assessment results, and improvement metrics, providing audit-ready evidence that your training program is both operational and effective.
Reduce Training Fatigue While Improving Outcomes
The average employee spends 45 minutes annually on mandatory security training, retains almost none of it, and views it as checkbox compliance. Targeted Training delivers 8-12 minute microlearning modules triggered by real incidents relevant to the employee’s role—dramatically improving retention while reducing time burden.
Quantify Training ROI
CISOs struggle to demonstrate training effectiveness to boards: security teams treat incident reduction as the success metric, while boards prioritize compliance status and security ROI. Targeted Training connects training completion directly to measurable outcomes (phishing simulation pass rates, detected exposure reduction, and Human-Factor Meter improvement), enabling a clear ROI calculation.
Shift from Punishment to Performance
Traditional approaches punish employees who fail phishing tests or cause incidents. Targeted Training uses failure as a learning trigger: employees who click simulated phishing links immediately receive targeted training on that specific threat type, with assessment to verify learning. This shifts culture from “security as punishment” to “security as enablement.”
How It Works: Continuous Monitoring Drives Continuous Learning
Step 1: Exposure Detection Triggers Training Needs
The Qatalis platform continuously monitors for:
External Exposures:
- Employee credentials on breach forums or dark web
- Sensitive data exposed via misconfigured systems
- Social engineering reconnaissance targeting specific employees
- Vendor security incidents affecting your supply chain
Internal Indicators:
- Security policy violations (failed access attempts, unauthorized software)
- Phishing simulation performance by individual and department
- Incident patterns showing behavioral risk (e.g., repeated password resets, after-hours access anomalies)
Regulatory Requirements:
- New regulations creating training obligations (DORA cybersecurity culture, Cap. 653 awareness programs)
- Industry-specific requirements (financial services, healthcare, critical infrastructure)
Step 2: AI-Powered Training Content Generation
For each identified need, the platform:
Analyzes the Root Cause:
- Was the exposure due to lack of knowledge (employee didn’t know the risk)?
- Was it process failure (no clear procedure existed)?
- Was it behavioral (employee knew the risk but took shortcut)?
- Was it systemic (technology inadequacy made secure behavior difficult)?
Generates Personalized Content:
- Scenario-Based: Uses real examples from your organization (anonymized) instead of generic scenarios
- Role-Relevant: Finance employees receive content about invoice fraud; IT staff receive content about privileged access; executives receive content about targeted phishing
- Bite-Sized: 8-12 minute modules instead of hour-long courses
- Multi-Format: Video explainers, interactive simulations, knowledge checks, job aids
Includes Assessment:
- Pre-test to establish baseline knowledge
- Post-training assessment to verify learning
- Follow-up simulation to test real-world behavior change (e.g., send simulated phishing email 2 weeks after anti-phishing training)
Step 3: Intelligent Delivery & Scheduling
Training is delivered:
Trigger-Based (Immediate):
- Employee clicks simulated phishing link → immediate 8-minute anti-phishing module
- Employee’s credentials found on dark web → immediate password security training + forced password reset (the reset should also revoke active sessions, since a leaked password alone does not tell you whether it has already been used)
- Employee violates access policy → immediate policy review module + manager notification
Scheduled (Quarterly/Annual):
- Regulatory compliance training (e.g., annual Cap. 653 awareness, DORA ICT competency)
- Department-wide training when trends indicate systemic gaps
- Executive briefings on emerging threats quarterly
Adaptive Difficulty:
- Employees who pass assessments with 90%+ skip future basic modules on same topic
- Employees who struggle receive additional remedial content with simplified explanations
- High-performing employees receive advanced “security champion” content to build internal expertise
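As an added illustration (not Qatalis code), here is a small Python event-to-assignment engine implementing the trigger-based delivery and adaptive-difficulty rules from Steps 1-3. The trigger names, module identifiers, remedial threshold and 30-day de-duplication window are assumptions; the 90% skip rule, the non-training actions (forced reset, manager notification) and the two-week follow-up simulation come from the description above.

```python
"""Added example, not Qatalis code: trigger -> training assignment with adaptive difficulty."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical trigger -> (topic module, non-training actions). Names are assumptions.
TRIGGER_RULES = {
    "phishing_click":          ("anti-phishing", ["assess"]),
    "credential_in_dump":      ("password-security", ["force_password_reset", "assess"]),
    "access_policy_violation": ("access-policy-review", ["notify_manager", "assess"]),
}
SKIP_THRESHOLD = 90                   # page: 90%+ on a topic skips future basic modules
REMEDIAL_THRESHOLD = 60               # assumption: below this, serve simplified remedial content
FOLLOW_UP_DELAY = timedelta(days=14)  # page: simulated phish two weeks after anti-phishing training
DEDUP_WINDOW = timedelta(days=30)     # assumption: don't re-queue an open module within 30 days


@dataclass
class Event:
    employee: str
    kind: str
    at: datetime


@dataclass
class Assignment:
    employee: str
    module: str
    actions: list
    assigned_at: datetime
    follow_up_simulation: Optional[datetime]
    completed: bool = False


class TrainingEngine:
    def __init__(self):
        self.best_score = {}    # (employee, topic) -> best post-assessment score so far
        self.assignments = []   # every Assignment ever issued

    def record_score(self, employee, topic, score):
        key = (employee, topic)
        self.best_score[key] = max(score, self.best_score.get(key, 0))

    def _variant(self, employee, topic):
        """Pick the module variant from the employee's assessment history on this topic."""
        score = self.best_score.get((employee, topic))
        if score is None:
            return topic                    # no history: baseline module
        if score >= SKIP_THRESHOLD:
            return topic + "-advanced"      # skip basic content, serve security-champion material
        if score < REMEDIAL_THRESHOLD:
            return topic + "-remedial"      # simplified explanations for strugglers
        return topic

    def _open_assignment(self, employee, module, now):
        for a in self.assignments:
            if (a.employee == employee and a.module == module and not a.completed
                    and now - a.assigned_at < DEDUP_WINDOW):
                return a
        return None

    def assign(self, event):
        """Turn a detected exposure into a training assignment (or return the open one)."""
        rule = TRIGGER_RULES.get(event.kind)
        if rule is None:
            raise ValueError(f"no training rule for trigger {event.kind!r}")
        topic, actions = rule
        module = self._variant(event.employee, topic)
        existing = self._open_assignment(event.employee, module, event.at)
        if existing is not None:
            return existing                 # already queued; don't pile on duplicate modules
        follow_up = event.at + FOLLOW_UP_DELAY if topic == "anti-phishing" else None
        assignment = Assignment(event.employee, module, list(actions), event.at, follow_up)
        self.assignments.append(assignment)
        return assignment
```

The de-duplication only suppresses a duplicate training module; the forced password reset for a credential exposure belongs in the identity system and should fire on every new exposure regardless of what training is already queued.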
Step 4: Impact Measurement & Reporting
The platform tracks:
Individual Metrics:
- Training completion rates by employee and department
- Assessment scores (pre/post improvement)
- Behavioral change verification (phishing simulation pass rates, policy violation reduction)
Organizational Metrics:
- Human-Factor Meter: Real-time score across Awareness (35%), Knowledge (25%), Experience (20%), Behavior (20%)
- Training ROI: Correlation between training investment and incident reduction
- Compliance Status: Audit-ready evidence of training program effectiveness for regulators
Automated Reporting:
- For CHRO/Training Teams: Completion rates, gap analysis, training effectiveness by department
- For CISO: Behavioral risk reduction, incident trends correlated with training
- For Board: Human-Factor Meter trends, regulatory compliance status, training ROI calculation
- For Regulators: Complete training records with attendance, assessment scores, and competency verification
Step 5: Continuous Improvement Loop
The system learns and adapts:
- If specific training module shows poor post-assessment scores, content is revised
- If training doesn’t reduce relevant incidents, alternative approaches are tested
- If specific departments consistently underperform, root cause analysis identifies systemic issues (poor manager engagement, inadequate time allocation, etc.)
Use Case: Healthcare Provider Eliminates Insider Risk Through Targeted Training
The Challenge
A regional healthcare system with 8 hospitals and 12,000 employees faced recurring data security incidents despite annual mandatory security training. With healthcare being one of 18 critical sectors under EU NIS2 requiring “appropriate technical and organizational measures” including security awareness, the organization needed to demonstrate effective training, not just training completion.
Their problem: Annual 45-minute online course had 94% completion rate but zero measurable impact on behavior:
- Phishing simulation failure rate: 32% (vs. healthcare industry average of 18%)
- Patient data access policy violations: 127 annually
- Insider threat incidents: 18 in past 24 months (employees accessing records without authorization)
- Employee security awareness score: 54 (vs. industry benchmark of 72)
The CHRO explained: “We were checking the training compliance box, but our actual security incidents kept increasing. The annual course was generic content about threats our employees never encountered. When I asked IT why phishing rates were so high, they said ‘we train everyone annually.’ Clearly, annual training wasn’t working.”
The Implementation
Qatalis Targeted Training deployed in January 2025:
Phase 1: Baseline Assessment (January-February)
Platform analyzed:
- 18 months of security incidents (categorized by type and root cause)
- Employee roles and access levels
- Phishing simulation history by individual employee
- Training completion records and assessment scores
Key Findings:
- 78% of incidents traced to 4 departments: Emergency (32%), Radiology (21%), Billing (16%), Nursing (9%)
- Phishing susceptibility concentrated in employees age 55+ (failure rate 47% vs. 24% for age <40)
- Access violations primarily “curiosity browsing” (accessing celebrity/neighbor patient records) rather than malicious data theft
- Department-specific risks: Billing department exposed to invoice fraud; Emergency department to credential phishing; Radiology to ransomware (imaging files)
Phase 2: Targeted Content Deployment (March-August)
Instead of annual universal training, platform delivered:
Emergency Department (highest incident rate):
- 8-minute module on protecting login credentials during shift changes (identified as #1 cause of credential phishing success)
- Interactive simulation: responding to urgent “patient emergency” phishing emails
- Just-in-time job aid: credential security checklist posted at login stations
- Manager briefing: how to reinforce security during hectic shifts
Billing Department (invoice fraud risk):
- 10-minute module on invoice fraud detection specific to healthcare billing
- Real examples: anonymized incidents from hospital’s own history
- Decision tree: how to verify unusual payment requests
- Weekly 2-minute reinforcement: new fraud example + verification tip
Employees Age 55+ (high phishing risk):
- Simplified 8-minute phishing recognition course using larger fonts, slower pace
- Focus on specific indicators present in phishing emails actually sent to organization
- Peer success stories: how colleagues spotted and reported threats
- Monthly “phishing spotlight” email with visual examples
Radiology Department (ransomware risk):
- 9-minute module on file attachment risks in imaging workflow
- Technical solution: automated scanning before opening imaging files
- Process change: verification protocol for unexpected imaging file emails
Phase 3: Continuous Reinforcement (September-December)
- Employees who passed phishing simulations graduated from monthly to quarterly simulations
- Employees who failed received immediate 5-minute targeted training on that specific phishing technique
- Quarterly executive briefing on emerging threats delivered by CISO (8 minutes, no death-by-PowerPoint)
- Department with best quarterly improvement received recognition + budget for staff appreciation
The Outcome
12 months after deployment:
Behavioral Improvement:
- Phishing failure rate: 32% → 12% (63% reduction; now 33% better than industry average)
- Access violations: 127 annually → 31 annually (76% reduction)
- Emergency Department incidents: from 32% of total to 9% of total
- Employees age 55+ phishing failure rate: 47% → 19% (60% improvement, closing generational gap)
Training Efficiency:
- Average annual training time per employee: reduced from 45 minutes (single session) to 38 minutes (multiple targeted sessions)
- Employees viewed this as improvement: shorter, more relevant sessions instead of one boring annual course
- Training completion rate: 94% → 98% (higher completion despite more frequent sessions, due to relevance and brevity)
- Post-training assessment scores: 67% average → 89% average (targeted content improved comprehension)
Organizational Metrics:
- Human-Factor Meter: improved from 54 → 73 (entered Control Zone)
- Awareness component: 48% → 76%
- Knowledge component: 58% → 72%
- Experience component: 59% → 68%
- Behavior component: 51% → 75%
Regulatory Compliance:
- NIS2 audit (September 2025) requested evidence of security awareness program effectiveness
- Platform generated comprehensive report in 18 minutes showing:
- 12,000 employees trained with 98% completion
- Pre/post assessment improvement of 22 percentage points
- Measurable behavioral change (incident reduction, phishing improvement)
- Continuous program with quarterly updates (vs. annual checkbox training)
- Auditor noted: “This is the first organization where we’ve seen training completion directly correlate with incident reduction. Your evidence clearly demonstrates program effectiveness.”
Financial Impact:
- Training program cost: €180K annually (content, platform, staff time)
- Previous security incidents cost estimate: €2.4M annually (incident response, notification, patient notification, regulatory risk)
- Incidents reduced 68%, estimated cost reduction: €1.6M annually
- ROI: 789% net ((€1.6M savings − €180K cost) / €180K cost), i.e. roughly 8.9× gross return on the training spend
- Cyber insurance premium reduced 16% (€220K annual savings) due to demonstrated human risk reduction
Cultural Transformation:
The CHRO reported: “Security training used to be that thing everyone rushed through in December to meet compliance deadlines. Now employees actually thank me for the short, relevant modules. Our Emergency Department manager said, ‘For the first time, my staff understand why security matters to patient care, not just IT compliance.’ That cultural shift is worth more than any cost savings.”
Key Innovation
The platform identified that the Emergency Department’s high incident rate correlated with shift changes—when outgoing staff rushed to log out while incoming staff rushed to log in, credentials were frequently left visible or shared to expedite handoffs during patient emergencies. This insight led to a targeted intervention: job aid posted at login stations with 3-step credential protection checklist specifically designed for shift changes. This 30-second checklist reduced Emergency Department incidents by 74%—addressing root cause instead of generic “don’t share passwords” training that ignored operational reality.
