Map training coverage against common attack paths — with NCSC links, not generic LMS boilerplate.
What you'll walk away with. Training gaps mapped to NCSC guidance links.
Was this useful?
Self-assessment
Not a training platform — a structured diagnostic. Answer honestly about coverage and recency; gaps pair with NCSC resources you can adopt without licensing fees.
Phishing & social engineering
Q1 / 7
In the last 12 months, what phishing / impersonation training did most staff receive?
Credentials
Q2 / 7
Have staff been taught password managers and MFA for email & SaaS (not just policy text)?
Endpoints
Q3 / 7
Training on updates, locking screens, and reporting lost devices — within last 18 months?
Data handling
Q4 / 7
Do people who handle customer personal data get specific training on minimisation and sharing?
Supply chain
Q5 / 7
Have procurement / ops leads seen guidance on supplier compromise and invoice fraud?
Incident reporting
Q6 / 7
Would a typical employee know how to report suspected malware or account takeover without fear of blame?
Risk snapshot
Q7 / 7
Which single attack vector worries you most today — and have you matched training to it this year?
Next up: jump to the first unanswered question.
