Only 9% of organisations offered fully personalised compliance training, according to a VinciWorks poll of 131 HR, learning and development (L&D) and compliance professionals.
Most still used general training for all staff, with 32% providing the same material to most employees and 40% tailoring it by department or role.
The rest were either unsure or planned to introduce personalisation in the future.
Nick Henderson-Mayo, head of compliance at VinciWorks, said: “If a junior warehouse operative and a senior finance officer are receiving the same cyber training, that organisation is not managing its risk effectively.
“Training needs to reflect the real-world decisions people make in their roles.
“Personalisation helps employees understand how compliance applies to them, and that’s what changes behaviour.”
Only 16.8% of organisations trained staff quarterly or more often, while 57.3% trained annually.
8.4% did not provide any cyber security training.
Sexual harassment training was not in place at many firms: 20.9% did not offer any.
Only 20.2% said their training was very effective.
58.9% rated their training as only moderately effective, not effective, or were unsure.
Sanctions compliance training was also lacking: 34.3% did not offer any.
16.7% were unsure whether any training was provided.
Only 21.6% gave dedicated training to all relevant teams.
Over half of organisations lacked a clear defence if a sanctions breach occurred, even if it was accidental.
Henderson-Mayo added: “With strict liability rules in place, businesses must be able to show they have done everything they can to train staff and protect the business.
“If you’re not training the right people in the right areas, you risk even an accidental breach.”
L&D teams were advised to focus on aligning training with actual risks by department, role and function, integrating compliance into onboarding and development, and using data to improve behavioural outcomes.
Henderson-Mayo said: “Too many firms are spending their training budget on content no one remembers and dashboards no one trusts.
“Training must be flexible, dynamic and relevant if it’s going to change behaviour.”
Ruth Mittelmann Cohen, head of legal and compliance at VinciWorks, said: “Regulators expect evidence that your training reduces risk and supports a strong compliance culture.
“That means programmes must be tailored, updated and relevant to staff across the organisation. Paper policies and completion rates are not enough.”


