1. Introduction: Cybersecurity is every manager’s responsibility
There is an urgent need to boost digital competences in Europe. According to the Digital Economy
and Society Index, 37% of the EU workforce has low digital skills, or none at all. At the same time,
cybersecurity experts generally agree that the majority of breaches are the result of human error.
Senior leaders have an important role to play in both creating a culture of cybersecurity awareness
and in protecting themselves against the threats they are likely to face. On the former, managers are
well positioned to create a whole-of-organisation culture of responsibility for cybersecurity. In today’s
workplace, every employee in an organisation across virtually every industry uses technology in their
daily work, making cybersecurity no longer only an IT-department issue. In addition, executives are
often the primary target of spear-phishing and Advanced Persistent Threat (APT) attacks, so it is
important that they are made fully aware of the techniques used by malicious actors and what they
can do to protect themselves and their organisations.
As the heart of policymaking across the EU, the European Commission must be exceptionally
prepared for and aware of the cyber threats they may face. To help Commission managers secure
themselves and their organisation we offered hands-on training that enabled senior leaders to take
actions themselves, and to prepare their teams to deal with the cyber threat landscape. Through a
series of workshops, Commission representatives received trainings to build their knowledge and
secure processes at work.
This guide is intended to present concrete advice, suggestions and tips on how to best organise
cybersecurity awareness trainings.
