Security Culture as a Service (SCaaS)

Many organizations believe that cyber security awareness training for employees needs to be as serious as the topics covered.

Contact us
/en/services/cyber-risk/governance-advisory/cyber-security-culture-scaas service

Too often, this turns into uninspired “check-the-box” exercises. The result? Greater exposure to security events because employees are unprepared to recognize real threats or respond to evolving tactics.

It’s time for a change – a culture change that helps employees internalize a cyber security and data privacy mindset and “own” their role in keeping data safe. A new era of stronger security can start with Kroll’s Security Culture as a Service (SCaaS).

Kroll’s SCaaS is field-proven to help employees embrace strong data security attitudes and practices in their everyday activities.  

Cyber Security Awareness Programs Customized for Your Industry, Organization and/or Stakeholder Roles

From our experience investigating thousands of cyber incidents, we have seen how virtually every security compromise can ultimately be traced to a human factor. Our findings are supported by a wide range of annual open-source surveys and reports that show employees and related third parties are responsible for 60%-90% of incidents, including those involving paper data sources and lost devices. 

Kroll’s SCaaS experts focus on the human risks most relevant to your organization, whether they be industry-related or role-based.  You can expect us to have frank discussions with leaders and a cross-section of your staff about digital and physical security factors that put data at risk. In fact, this emphasis on communication is a fundamental part of our approach to building a security culture.

Kroll’s unique approach to creating a security culture taps into the expertise and insights of cyber security, marketing and communications professionals who understand the power of creative storytelling. Together with an understanding of your goals and needs, we translate our findings into engaging, influential training.  

Four Steps to Customize a Culture-changing Program
  1. Understand your business strategy, key risks and current corporate culture.
  2. Engage with your key user communities to confirm risk areas and brainstorm the big ideas for your program.
  3. Develop your tailored and measurable security culture program, along with messages and methods aligned to your business.
  4. Provide direct or supplemental expertise to drive implementation (e.g., strategy, content development, training and coaching).
Bespoke Cyber Security Awareness Programs for Organizations at Every Maturity Level

Whether you already have a robust security culture or want to start fresh, you’ll find what you want with Kroll’s wide range of SCaaS services. Here are two of our most popular programs:


Kroll SCaaS Training Kick-Starter Package

Kroll SCaaS Pop-Up Health Check


Educate employees about identifying cyber threats and avoiding them.

Dynamic onsite “refresher” sessions with employees to reinforce good security practices and identify problematic gaps.

Delivery Mode

SCORM-compliant e-learning training modules , videos, games, etc. 
For a tailored look and to make content more relevant for employees, we can add your organization’s logo and policy references to materials.

Onsite conference-style booths set-up in high-traffic areas, such as an office foyer or common workspace to generate hype and engagement.

Sample Topics Covered

  • Phishing (intro)

  • Internet safety

  • Ransomware

  • Physical security

  • Password

  • Mobile devices

  • Privacy and social media

  • Personal security and privacy settings on mobile phones, tablets or laptops

  • Secure social media profiles, e.g., Facebook, Instagram, WhatsApp, WeChat

  • Insight and takeaways to protect home networks and corporate devices used at home

  • BYOD corporate policy and awareness

  • Identifying security incidents at work, home and play



 Assessment module provides metrics on completion rates, scores and areas that employees require more training, clarification, etc.

 Booth visitors receive on-the-spot “diagnosis” for real-life potential issues and ways to improve cyber safety with a basic “treatment plan.”

Employees learn how easy it is to be part of a safer, security-conscious workplace, and how these skills are transferable to their personal lives.

Your Kroll SCaaS Program Can Be Customized to Include Some or All the Following Elements


  • Security culture program
  • Executive support toolkit
  • Performance measurement and metrics
  • Resourcing augmentation
  • Coaching and mentoring


  • Activity planning
  • Phishing exercises
  • eLearning module development (general or customized)
  • Gamified learning and development
  • Face-to-face training (technical and non-technical)


Tailored user community messaging relevant to your business, such as:

  • Directors/CXOs (understanding and accountability for security)

  • HR (security within the employee lifecycle)

  • Procurement (security related to external parties)

  • Application development (security within the SDLC)

  • Infrastructure (security across the network and supporting infrastructure)

  • Service desk/center (security within the end-user environment)

Supported by a variety of materials developed under your brand guidelines:

  • Email templates

  • Intranet input

  • Brochures

  • News articles

  • Videos

  • Infographics

  • Posters

Engage Your Teams to Foster a Strong Data Privacy and Security Culture

From strategic guidance to tactical decision-making to bringing it all together with dynamic operational activities, Kroll’s SCaaS solutions support you every step of the way. To learn what Kroll’s SCaaS clients around the world are saying about the difference our training is making – and how you can achieve meaningful improvements in employee security engagement – contact one of our SCaaS experts today.

Connect with us

Connect with us

Scott Hanson
Scott Hanson
Associate Managing Director & Head of Global Security Operations
Cyber Risk
Matthew Dunn
Matthew Dunn
Managing Director
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Middle Market M&A, Strategic Advisory, Debt Advisory and Private Capital Markets, Restructuring and Insolvency Services, Financial Due Diligence, Fairness Opinions, Solvency Opinions and ESOP/ERISA Advisory.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


Q4 2021 Threat Landscape: Software Exploits Abound

Feb 16, 2022

by Keith WojcieszekLaurie Iacono George Glass


ALM Intelligence Pacesetter Research – Cybersecurity Services 2020

Oct 28, 2020

by Jason N. SmolanoffMarc Brawner


CVE-2020-1472 (Zerologon) Exploit Detection Cheat Sheet

Oct 22, 2020

by Carlos Garcia, Simone Marinari, Roman Guillermo


Kroll Ransomware Attack Trends – 2020 YTD

Oct 06, 2020

by Devon AckermanKeith Wojcieszek Laurie Iacono

Press Release

Kroll Responder Recognized in 2023 Gartner Market Guide for Managed Detection and Response Services for the Third Consecutive Year

Mar 23, 2023


Kroll Launches Cyber Partner Program Delivering Lifetime Returns

Feb 28, 2023


Kroll Named an MDR “Champion” by Bloor Research

Feb 27, 2023

Press Release

Gartner Names Kroll a Representative Vendor for Managed Security Incident and Event Management

Jan 09, 2023


Kroll at RSA Conference 2023

Conference Conference Apr 24 - Apr 27, 2023 | Conference


KAPE Intensive Training and Certification

Online Event Online Event Apr 13 - Dec 07, 2023 | Online Event