Cyber Awareness Trainer
Phishing simulations + training for SMEs as a monthly service
As a Cyber Awareness Trainer, your day-to-day work includes conducting phishing simulations and interactive training sessions for SMEs. You’ll use platforms like KnowBe4 or Sophos to create realistic scenarios and measure employee responses. Keeping track of client engagement and feedback is crucial, along with refining your training materials based on the latest cybersecurity threats. Regularly updating your course content and ensuring timely communication with clients will be key to maintaining relationships and driving renewals.
The urgency for cyber awareness training is greater than ever, with UK SMEs increasingly targeted by cybercriminals. Recent statistics indicate that 39% of UK businesses reported cyber breaches or attacks in 2022. With the rise of remote work, the vulnerability of employees to phishing attacks has grown significantly. SMEs need effective training solutions to safeguard their operations and customer data, making your service timely and relevant.
Ideally, you should have a background in IT or cybersecurity, although passion and a willingness to learn can also suffice. Expect to invest around 15-20 hours per week initially to establish your client base and develop training material. Networking with local businesses and attending industry events will help you gain traction. Realistic effort is required to continually adapt to new cyber threats and keep your clients engaged.
In the first 12-24 months, you could realistically grow your customer base to 50-100 SMEs, generating monthly revenues of £1,500 to £10,000. If you successfully scale your operations and enhance your service offerings, there is potential for significant upside, including upselling additional security training modules or consultancy services, driving your revenue growth further.
- Security
- Teaching
£3–£10 per seat/mo
Gross margins are estimated to be around 70-80%, depending on the number of clients and the pricing packages chosen.
The increasing frequency of cyberattacks on SMEs in the UK creates a pressing need for effective cybersecurity training. With many businesses now operating remotely, the risk of phishing attacks has surged, prompting a demand for accessible, reliable training solutions.
The primary buyers are SME owners and managers who are responsible for cybersecurity and employee training. They are often time-poor and require simple, effective solutions to safeguard their businesses against cyber threats.
The UK cyber security training market is projected to reach £1.5 billion by 2026, driven by the increasing awareness of cyber risks. A recent report indicated that 60% of SMEs that suffer a cyberattack go out of business within six months, highlighting the critical need for preventive measures.
Revenue & pricing
You will charge SMEs on a per-seat basis, typically between £3 and £10 per month. This subscription model ensures recurring revenue and allows for predictable cash flow as you scale.
- Basic Package: £3 per seat/month - includes phishing simulations and basic training.
- Standard Package: £5 per seat/month - includes phishing simulations, training webinars, and quarterly updates.
- Premium Package: £7 per seat/month - includes all standard features plus individual assessments and custom content.
- Enterprise Package: £10 per seat/month - includes comprehensive training, dedicated support, and monthly reporting.
Costs
- KnowBe4/Sophos subscription: £200
- Website domain and hosting: £100
- Business registration with Companies House: £12
- Marketing materials: £100
- Insurance (public liability): £80
- Software subscription (KnowBe4/Sophos): £50
- Website maintenance: £10
- Marketing budget: £50
- Accountancy software (Xero): £30
First steps
1. Use KnowBe4 / Sophos
2. Pitch SMEs
3. Charge per seat
Your first 90 days
- Research and select a phishing simulation platform like KnowBe4 or Sophos.
- Register your business with Companies House and set up necessary accounts.
- Develop initial training content and marketing materials.
- Reach out to local SMEs through email or networking events.
- Launch your website and social media profiles.
- Secure your first 5-10 clients and conduct initial training sessions.
- Gather feedback from clients to refine your training materials.
- Begin a targeted marketing campaign to increase brand awareness.
- Establish a referral program to incentivise current clients.
- Track performance metrics and adjust your offerings based on client needs.
How to get customers
Email marketing
Send targeted emails to local SMEs highlighting the importance of cybersecurity.
Networking events
Attend business meetups and local events to connect with potential clients.
Social media
Use LinkedIn to share informative content and promote your services.
Partnerships
Collaborate with local IT firms to offer bundled services.
Tools you'll actually use
| Tool | Cost | Why |
|---|---|---|
| Xero | £30/month | For accounting and invoicing. |
| Tide | Free | For business banking with easy online setup. |
| Calendly | £8/month | For scheduling training sessions with clients. |
| Stripe | 2.9% + 20p per transaction | For handling online payments. |
| Notion | Free for personal use | For organising training materials and client information. |
Common mistakes to avoid
- Failing to tailor training content to specific industry needs.
- Underestimating the importance of ongoing client engagement.
- Neglecting to track and measure training outcomes.
- Overlooking the need for regular updates to training materials.
- Inadequate marketing efforts leading to slow client acquisition.
How to scale this
1. Start as a solo trainer conducting sessions directly.
2. Expand by hiring additional trainers as client demand grows.
3. Develop a wider range of training modules and specialisations.
4. Consider creating an online course platform for broader reach.
Risks & mitigations
High competition in the market.
Differentiate your service with unique training content and customer support.
Clients may not see immediate value.
Use case studies and testimonials to demonstrate effectiveness.
Rapidly changing cyber threats.
Regularly update training materials and attend industry conferences.
Compliance issues with data protection.
Ensure GDPR compliance by implementing robust data handling processes.
UK legal & compliance
- Register your business with Companies House to ensure legal operation.
- Obtain public liability insurance to cover potential claims.
- Comply with GDPR by ensuring client data is securely stored and used.
- Consider consulting with a legal expert to ensure all contracts are compliant.
FAQ
What qualifications do I need to be a Cyber Awareness Trainer?
While specific qualifications are not mandatory, a background in IT or cybersecurity is beneficial.
How do I acquire clients?
Start by networking with local businesses and using targeted marketing strategies.
Is ongoing training necessary?
Yes, ongoing training is essential to keep employees updated on the latest threats.
What support do I offer clients?
Provide continuous support through regular check-ins and updates to training materials.
Can I scale this business?
Yes, you can scale by hiring additional trainers and expanding your service offerings.