Seminar's Overview
In today’s fast-evolving digital landscape, cybersecurity has become a critical pillar for safeguarding organizations’ data, information, assets and reputation. This training program is designed to empower organizations by elevating security awareness across all employee levels, including upper management, and equipping them with practical, hands-on experiences to ensure a holistic grasp of cybersecurity principles.
Build a strong foundation in information security, understanding the essentials of cybersecurity and the rapidly evolving threat landscape.
Engage in hands-on experiences and live demonstrations that reveal how cyber-attacks such as phishing, malware, and unauthorized access unfold in real-world scenarios.
Discover the critical role of human behavior in preventing breaches.
Join us to strengthen your organization’s security and ensure your teams are prepared to recognize, respond to, and mitigate cyber risks. This program provides live demonstrations of cyber-attack techniques, enabling attendees to witness how threats unfold in real-world scenarios. Don’t miss the opportunity to enhance your organization’s resilience.
Seminar’s Goals
By the end of the training, participants will be able to:
Clearly articulate core cybersecurity principles and concepts.
Recognize and categorize a wide range of potential threats facing organizations today.
Apply the knowledge gained during training to analyze and identify real-world cyber incidents, correlating theory with practical scenarios.
Strengthen critical thinking abilities in the context of cybersecurity, enabling informed decision-making and risk assessment.
Demonstrate adherence to fundamental cybersecurity standards and practices in daily operations.
Actively contribute to the development and maintenance of a robust security culture within their organization.
Consistently implement cybersecurity best practices to protect both personal and organizational data, fostering a proactive approach to safeguarding information assets.
Participants*
This training is addressed to:
This training program is designed for all types of employees, including upper management, who have access to organizational data and information, whether in electronic or physical form. It is particularly relevant for staff in Small and Medium-sized Enterprises (SMEs), where resources dedicated to cybersecurity may be limited, but the need for robust awareness and protection is critical.
Ideal candidates include:
Employees at all levels who handle or access sensitive information.
Managers and decision-makers responsible for information security policies.
Teams from IT, HR, Finance, and other departments involved in data management.
SME staff seeking to strengthen both personal and organizational resilience against cyber threats.
All participants should be currently employed.
*The number of participants is restricted to 28.
Agenda
1. Introduction (25 min)
- Information Security Objectives
- Confidentiality, Integrity, and Availability (The C.I.A)
- What is Information Security?
- Key Principles
2. Cyber and Information Security Threats (40 min)
- Terms & Definitions
- Why our organization Awareness with ENISA’s AR-in-a-Box (Building awareness with ENISA’s AR-in-a-Box program without needing large budgets or dedicated security teams). AR-in-a-Box is a comprehensive solution for cybersecurity awareness activities.
- Threat Landscape
- Threat and Risk Assessment (Threat level * Vulnerabilities * Impact / Security + Awareness program + Pen testing + etc.). Implementation of cybersecurity awareness programs using AR-in-a-Box, especially for SMEs, is essential to reduce risk and build resilience.
- Measuring Security Performance (KPIs and Metrics), e.g. phishing detection rates, patching times, incident response speed. Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
- Threat Actors
- Malware
- Information Leakage
- Mobile device threats
3. Real-life cyber security incidents (45 min)
- Presentation of recent cyber security incidents (2-3 cases) and a brief description of:
- The type of Attack
- The damage caused
- Highlight the Human errors that contributed (Lack of Awareness)
- How could the attacks be avoided
4. Unauthorized Access (Physical & Logical) - Risk and Controls (15 min)
- Unauthorized Access Overview
- Unauthorized Physical Access
- Unauthorized Logical Access
5. Social Engineering (1 h & 30 min)
- Social Engineering Overview. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
- What do the attackers think
- Anatomy of a Phishing Email
- Phishing Attack Demonstration / Simulation
- Vishing. Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.
- Smishing
6. Cyber Crisis Communication (20 min)
- What is Cyber Crisis Communication?
- How can SMEs communicate effectively during a cyber incident
- How to minimize impact (Reputational, Financial and Operational)
7. Basic Principles (15 min)
- Phases of an Effective Cyber Crisis
- Essential Principles (Do’s & Don’ts)
8. Three Phases of the Plan (15 min)
- Plan-Execute-Monitor & Evaluate (Giving details about each step how it can be approached from different points of view)
- Real Life Examples
9. Real Cyber Incidents (45 min)
- Present 2-3 Real Cyber Crisis Communication cases and a brief description:
- How the organization communicated during this incident
- The strategies used to manage public perception and maintain trust
- Challenges faced in internal and external communication
- How effective communication could reduce reputational and operational impact
10. Cyber Awareness Game (1 h & 30 min)
- Phase 1 (Execution of an email-based phishing simulation)
- Phase 2 (Analysis of a phone and SMS attack scenario)
- Phase 3 (Investigation of unauthorized internal activity)
- Phase 4 (Performance of a ransomware decryption challenge)
**This initiative fully supports ENISA’s AR-in-a-Box cyber awareness objectives by transforming common cyber threats into dynamic, hands-on learning experiences. Through realistic simulations, from phishing and fake encryption to voice scams and ransomware, participants will see, feel, and respond to how real attacks unfold. Each interactive scenario empowers SME employees to make smart, confident decisions that directly protect the Confidentiality, Integrity, and Availability of their organization. Rather than learning through static theory, participants actively engage in decision-making that highlights the real-world impact of everyday behaviour, turning awareness into action and knowledge into resilience.**
11. Strengthening Security Through Awareness and Controls (30 min)
- Presentation of control categories and a sample of controls per category that can be established. A clear and transparent communication plan for responding to cyber incidents.
- Build continuous cyber awareness in SMEs through ENISA’s AR-in-a-Box to strengthen employee behavior and organizational resilience
Services
Our services include:
- Handouts, including notes and important slides from the presentation, examples, case studies, exercises, and additional notes if applicable.
- Stationery, such as pads, pens, and files.
- Drinks (coffee, tea, etc.), snacks and a buffet lunch.
- A fully equipped training room with WiFi access.
- Certificate of completion.
Registration & Contact
If you wish to register for the seminar, please complete the registration form.
Once your registration is submitted, you will receive an email stating how to proceed with your HRDA registration through the Ermis platform. Upon completion of this step, you will receive a confirmation email which will include the participation fee, including any discounts, if applicable. Kindly note that the payment should be settled at least two days prior to the seminar’s date for your registration to be confirmed.
The programme has been approved by the HRDA. Enterprises participating with their employees who satisfy HRDA’s criteria, are entitled to subsidy. Please note that there are limited seats available, therefore enroll in this seminar as soon as possible.
If you do not receive our confirmation e-mail regarding your registration, your participation cannot be guaranteed.
Cost
€270 + VAT (19%) for all participants who are non-eligible for the HRDA subsidy.
€140 net investment after the HRDA subsidy (€120) for all eligible participants.
Last Date for 10% Early Bird Discount: 1/6/2026
Extra discounts may apply to the initial price, before the VAT and HRDA subsidy. Please view options below.
Note
We do not provide a soft copy of the presentation for face-to-face seminars. However, if you would like to request one, please contact us. We may be able to provide it, subject to approval. In this case, the cost of the soft copy will be €50 for participants who have already attended the relevant training, or €100 for those who have not.
HRDA Notes
All individuals who wish to attend our HRDA approved training courses, should not only fill out our registration form, but also complete the registration process through the ERMIS platform in order to be approved by the HRDA. Regardless of whether they are claiming the HRDA subsidy or not, each participant will need to complete their registration through ERMIS as a physical person and then register to our training in order to be able to attend (either as an employee whose company is claiming the subsidy or as an individual who is not claiming the subsidy). Please reach out to the HRDA Ermis officers on 22 390 300 for more details regarding the registration as a physical person.
Eligibility of self‑employed individuals: The Schemes are open to any natural person who is registered as self‑employed with the Social Insurance Registry and carries out their activities in areas controlled by the Republic of Cyprus.
Discounts available
- For three or more (3+) participants from the same company, a 10% discount is available on the total cost, before the VAT and HRDA subsidy. This discount only applies for participants who enroll in the same seminar, on the same day. This discount can only be combined with the early bird discount and the HRDA subsidy, when applicable.
- For individuals/legal entities who/which register in more than two (3+) seminars during the same semester (January-June & July-December), a 10% discount is available on the total cost, before the VAT and HRDA subsidy. This discount only applies for individuals/legal entities who/which enroll in more than two (3+) seminars during the same semester, on the same day. This discount can only be combined with the early bird discount and the HRDA subsidy, when applicable.
- There is a 10% discount for alumni members. This discount should be applied before the VAT and HRDA subsidy and can only be combined with the early bird discount and the HRDA subsidy, when applicable. For more information on our alumni scheme, click here.
- There is a 10% early bird discount on selected seminars for participants who enroll in a training course by a specific date, which is stated above. This discount should be applied before the VAT and HRDA subsidy and can only be combined with the HRDA subsidy, when applicable.
- HRDA subsidy for all HRDA approved seminars.
- Please note that while participants may qualify for multiple discounts, a maximum of two discounts, up to a total of 20%, can be applied per registration.
Contact
For any queries, please contact KPMG Academy on +357 22 207 460 or at academy@kpmg.com.cy
CPD
This seminar may contribute to Continuing Professional Development requirements. At the end of the seminar, participants will be given a certificate of attendance confirming the total number of training hours (6,05 CPD).
Trainers
Sandra Zreik
Assistant Manager, Technology Consulting, KPMG in Cyprus
Sandra is an Assistant Manager in Technology Consulting at KPMG in Cyprus, holding an MSc in Computer and Communications Engineering with emphasis in Mechatronics Engineering and bringing over five years of experience in information security, IT assurance, and cybersecurity governance. With a strong foundation in IT assurance and security advisory, she specializes in ISO 27001 and ISO 42001 implementations and certifications, IT risk assessments, regulatory compliance (including DORA and the GDPR), and cybersecurity control evaluations.
She has extensive experience in designing and enhancing information security and AI governance frameworks, policies, and governance structures to support organizational resilience and compliance. Sandra has led initiatives to strengthen security practices, overseen ISMS governance, and implemented programs across AI governance, business continuity, and security awareness.
Her experience also includes managing audits, regulatory requirements, third-party risk, and the continuous improvement of control environments. She combines technical expertise with leadership skills to manage teams and coordinate projects, delivering high-quality, compliant, and scalable solutions aligned with both business and regulatory expectations.