Lawrie Day at Cognitas Global explains that one of the greatest threats to an organisation’s cyber-security posture is lack of awareness and education

Following rising cyber-attacks on critical national infrastructure, the UK Government is elevating security standards in accordance with rising threat levels, to protect UK citizens. In fact, Bridewell research in 2025 revealed that 95% of UK Critical National Infrastructure (CNI) organisations experienced a data breach in the previous year. The National Cyber-Security Centre Review reported that it supported 429 cyber-incidents in the 12 months up to August 2025. Around half of these were classified as nationally significant, including 18 incidents assessed as “highly nationally significant”, representing a 50% increase compared with the previous 12-month period.
New legislation such as the Cyber-Security and Resilience Bill is set to scale up UK national cyber-security across Britain’s critical sectors, adding growing pressure on security leaders to prove their cyber-security education and training. In fact, insurers are increasingly asking for evidence of proportionate measures to elevate cyber-security. Such measures include training and exercising. Immersive training, a new approach to learning and development that transforms how organisations train their people, meets these needs while saving time and money and improving engagement and outcomes.
Whilst Learning Management Systems (LMS) can have their uses for required module completion and keeping track of compliance, they have serious limitations. In situations where real-world everyday decisions can lead to a cyber-attack, they are no longer relevant to countering today’s risk.
When undertaking training with an LMS, people are rarely tested on their approach to taking action, beyond usability, flexibility and technical challenges. An LMS fails to test their collaborative capabilities, how they prioritise, and how they handle stress in high-stakes situations – precisely the capabilities required in a cyber-attack scenario. Organisations find it hard to connect LMS use to real-world results, lower risk, higher productivity, or higher value, which are all essential outcomes for training in the modern business era.
Completing an online module simply isn’t enough to be prepared for real-world situations. Taking a superior approach with immersive training fills this important gap by providing inclusive experiences, behavioural insights, and hands-on learning that an LMS can’t. Scenario-based immersive learning is vital to build modern business resilience.
In escalating the reporting of incidents, the Bill will have implications for many organisations. The new requirements include reporting significant or potentially significant cyber-incidents promptly - within 24 hours instead of the previous 72 - to their regulator and the National Cyber-Security Centre (NCSC). Organisations must also have robust plans in place to deal with the consequences.
Fundamental to this new approach is a legal requirement to demonstrate trained cyber-security exercises. Organisations in scope now need to prove that they have undertaken the necessary training and exercising to ready themselves for when a breach occurs. Therefore, to meet new compliance targets, training managers will need to step up their learning programmes to build resilience to protect their employees, customers, their reputation, and their future.
An immersive training platform and incident crisis management application combines technological advancement with practical expertise. For instance, the Cognitas Global view360global facilitator-led interactive learning platform delivers a holistic approach to learning by combining fundamental principles of learning with modern cloud-based technology. It delivers immersive training and simulation exercises enhancing learning and skill development. Its translation functionality also enables joint training and exercising across international boundaries.
Training can be frequent, adaptable, and above all, team leaders can design tailored immersive learning scenarios that address their specific organisational challenges and objectives. In addition, expert facilitation guides participants through scenarios that build practical skills and knowledge retention. As a result, participants retain up to 75% of what they learn through immersive experiences and build their capabilities, when compared to just 10–20% retention with standard slide presentations.
By providing reporting, logging and checklist functionality, it enables the effective management of a serious incident by the C-Suite or other persons tasked with managing the safety of an organisation and its people. Critically, it provides evidence of preparation, planning and mitigation to auditors, regulators and public enquiries or in mitigating criminal liability.
The platform addresses budget pressures by reducing training costs by up to 60% and can also decrease training time while improving outcomes. Its advanced analytics can capture usage data to create bespoke skills gap analysis and demonstrate its value for future training investment decisions. This means that those who embrace innovative learning solutions stand to gain a significant competitive advantage.
Immersive cyber-security training helps organisations prepare for the new requirements in knowing what action to take. This includes reporting potentially significant or significant cyber-incidents promptly to government and their customers as well as having robust plans in place to deal with the consequences.
A Cyber-Incident Exercise (CIE) is a simulated cyber-attack that allows organisations to practise their incident response and crisis management procedures in a safe and controlled environment. Implementing an organisational culture of training and cyber-incident exercising protects your business and people in the event of a cyber-incident. Conducting scenario-based cyber-security exercises brings numerous benefits to organisations.
It can identify strengths and weaknesses in cyber-security practice, test and refine incident response plans and, in general, improve preparedness and resilience against cyber-threats. By simulating real-world scenarios and engaging participants from various departments, it can educate employees and enhance team collaboration. Organisations can proactively strengthen their cyber-security defences, minimise the impact of cyber-incidents, and protect valuable assets.
With cyber-security now a significant responsibility for organisations across many critical sectors and Digital Service Providers, business leaders must find the best approach to train teams on their new responsibilities and test their readiness for compliance to stay ahead of regulations. This means having incident-reporting frameworks in place and maintaining business continuity plans to address cyber-disruptions. Immersive training is a time- and cost-efficient method of training the right people in the right scenarios to prevent incidents and prove elevated resilience.
Lawrie Day is CEO at Cognitas Global
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543