Technology Resilience Score™

User Awareness & Culture

Your people are your strongest defence — or your biggest risk.

Technology alone does not stop every attack. Modern cyber threats are designed to target people, not just systems. A convincing email, a rushed decision or a moment of distraction can bypass even well-configured security controls.

But the reverse is also true. A well-trained, confident team can detect and report threats early, stopping incidents before they escalate.

The User Awareness & Culture domain of the Technology Resilience Score looks at how your organisation prepares its people to recognise risk, act appropriately and report issues quickly.

Are your people reducing risk — or unknowingly creating it?

What is User Awareness & Culture?

User awareness in cyber security is the training and education of staff to recognise and respond to threats such as phishing and social engineering. Culture refers to the environment created around reporting and acceptable use — where staff feel confident acting on what they know.

What does User Awareness & Culture measure?

This domain assesses how effectively your organisation manages human risk through training, behaviour and culture. Typical areas reviewed include:

  • completion and tracking of security training
  • frequency and effectiveness of awareness programmes
  • use of phishing simulation
  • staff confidence in identifying threats
  • incident reporting processes and response times
  • whether staff feel comfortable reporting mistakes
  • enforcement of acceptable use policies
  • alignment between behaviour and security expectations

This domain is not just about training. It is about creating a culture where people actively contribute to resilience.

Why this matters to business owners and operators

Most attacks succeed because someone clicks, shares or responds at the wrong moment. This is not a failure of intent — it is a failure of preparation and culture. Without the right awareness and behaviours, organisations face:

  • increased risk of phishing and credential compromise
  • delayed incident detection
  • greater impact from security events
  • inconsistent handling of sensitive information
  • reduced effectiveness of technical controls

What weak awareness and culture looks like

  • training is infrequent, incomplete or untracked
  • staff are unsure how to recognise threats
  • phishing simulations are not used
  • incidents are underreported
  • staff hesitate to report mistakes
  • acceptable use policies are unclear or ignored
  • behaviour varies widely across the organisation
  • security is seen as IT's responsibility

This creates silent risk. Incidents may occur and go unreported, increasing their impact.

What strong awareness and culture looks like

A resilient organisation builds a culture of awareness and accountability.

Staff are trained regularly and understand how to recognise threats. Phishing simulations reinforce learning and highlight areas for improvement.

A no-blame reporting culture ensures incidents are reported quickly and handled effectively.

Clear acceptable-use expectations guide behaviour across the organisation.

In a strong environment, security is not just enforced. It is understood and supported by everyone.

How this affects your Technology Resilience Score

User Awareness & Culture is one of the 10 domains assessed as part of the Technology Resilience Score. A weak score typically indicates high exposure to human risk and delayed incident detection. Improving this domain helps the organisation move towards a stronger overall score by creating:


  • faster identification of threats
  • reduced likelihood of successful attacks
  • improved reporting and response
  • stronger alignment between people and controls
  • a more resilient security culture

Improving this domain turns the organisation's biggest risk into an active defence.

How LBT Resilience improves User Awareness & Culture

LBT Resilience starts with a Technology Resilience Assessment. We assess your organisation across all 10 domains, including User Awareness & Culture, and give you a clear score out of 5.

We then assess how your people interact with risk in practice. This includes reviewing training, reporting processes and behavioural controls.

From there, we create a practical improvement plan. This focuses on structured training, consistent reinforcement and building a reporting culture that supports rapid response.

Because support and security are included as part of LBT Resilience, awareness is not treated as a one-off activity. It becomes part of an ongoing, measurable improvement process.

Find out how prepared your people really are

Security is not just about systems. It is about how people behave when it matters. The Technology Resilience Assessment gives you a score out of 5, a clear view of human risk and a roadmap to strengthen it.

Get your Technology Resilience Score

Frequently Asked Questions

What is user awareness in cyber security?

It is the training and education of staff to recognise and respond to threats such as phishing and social engineering.

Why is reporting culture important?

Because early reporting reduces the impact of incidents and allows faster response.

What is a no-blame reporting culture?

An environment where staff feel comfortable reporting mistakes without fear, improving detection and response.

How does this domain affect resilience?

It determines whether people increase risk or help reduce it through awareness and action.