Proceedings of the
European Safety and Reliability Conference (ESREL2026)
14 – 19 June 2026, Braga, Portugal
Human-Centered Cybersecurity Training for SMEs: Results from developing and testing a tailored training approach.
Risk and Security Department, Institute for Energy Technology, Norway.
Human and Organizational Factor Department, Institute for Energy Technology, Norway.
Digital Sovereignty Department, Institute for Energy Technology, Norway.
ABSTRACT
Small and medium-sized enterprises (SMEs) face increasing exposure to cyber threats yet often lack the resources and expertise needed to implement robust security measures. This paper presents findings from a project addressing this challenge by developing and evaluating a tailored approach to cybersecurity training for SMEs. The project, led by IFE in collaboration with an SME industry partner, aimed to strengthen the SMEs' digital resilience through targeted and practical training. Building on previous research on SME cybersecurity, this work adopts a human-centered approach integrating psychological principles, human factors, and technical expertise. A comprehensive needs analysis was conducted to identify organizational vulnerabilities and competency gaps. Based on these insights, a modular training program was designed, emphasizing risk awareness, threat landscapes, and incident preparedness. Interactive methods, including group exercises and facilitated discussions, were used to increase engagement and learning outcomes. The training was piloted within the partner SME, followed by a structured evaluation assessing relevance, usability, and behavioral impact. Findings indicate that targeted training supports employees' understanding of cybersecurity risks and response strategies. However, sustainable behavioral change requires continuous reinforcement and strong leadership commitment. To support scalability, the project produced a step-by-step guide enabling SMEs to develop customized training programs aligned with their operational context. This work demonstrates that innovative, human-centered approaches to cybersecurity education can effectively enhance SMEs' digital resilience. By providing a practical, adaptable training framework, this study offers a concrete pathway for SMEs to strengthen their cybersecurity capabilities.
Keywords: Awareness, SME, cybersecurity, training, human-centered, resilience, competence building.

