Free Training & Career Tips... Subscribe to Get Weekly Career Tips
By Subscribing You are Agreeing to Terms and Conditions
Cybersecurity awareness training teaches your staff to recognise and resist the everyday attacks that target them — phishing emails, business email compromise, fake invoices, password theft, ransomware and social engineering — so a single careless click does not breach your systems or your customers’ data. BOTI delivers this practical, facilitator-led course to whole teams, in-house at your premises or live online across South Africa, turning your people from your biggest security risk into your strongest line of defence.
If your organisation has invested in firewalls, antivirus and IT controls but your staff still click suspicious links, reuse weak passwords or pay fraudulent invoices, this course closes the gap technology cannot. Most breaches start with a person, not a system — exactly what awareness training addresses. BOTI quotes every programme free.
The business problem: your people are the attack surface
You can buy the best security software available and still be breached through one tired employee on a Friday afternoon. Most incidents begin with a person being tricked, not a server hacked. For South African businesses, three problems compound the risk:
- Phishing and business email compromise. A convincing email — apparently from a director, supplier or the bank — asks staff to change banking details, approve a payment or “verify” a password. One click or one wrong transfer, and the money or credentials are gone.
- POPIA exposure. Under the Protection of Personal Information Act, your organisation is legally responsible for safeguarding personal information. A breach caused by an untrained employee is still a breach you must report and account for.
- Uneven habits. Some staff are careful; most are not. Without a shared, trained standard, your defence is only as strong as your least security-aware person.
Cybersecurity awareness training fixes the human layer that technology cannot. Your team learns to spot the attack, pause, verify and report — turning caution into a company-wide habit. Because the skills transfer across email, payments, passwords and devices, the protection compounds across every desk.
Who this course is for
This is corporate training for South African organisations developing their own staff — not a technical certification for IT specialists or a study path for individuals. It is written for the people who carry the risk and the budget:
- HR and L&D managers rolling out a consistent, documented security-awareness standard across the workforce.
- Business owners and MDs of SMEs who cannot afford a breach and want practical protection without a large IT team.
- Compliance, risk and POPIA officers who need demonstrable evidence that staff have been trained on data protection.
- Department and operations managers — in finance, admin, sales, HR and customer service — whose teams handle email, payments and personal information every day.
No technical or IT background is required. The course is built for everyday business users — anyone who uses email, a password and a company device.
What the cybersecurity awareness course covers
The programme is practical and scenario-based — delegates work through realistic attacks drawn from South African workplaces, not abstract theory. A typical outline below.
| Module | What your team learns |
|---|---|
| 1. The threat landscape | How modern attacks work, why staff are targeted, and the real cost of a breach. |
| 2. Phishing and email scams | Spotting suspicious emails, links and attachments, and verifying before clicking or paying. |
| 3. Business email compromise | Recognising fake invoices, banking-detail changes and “urgent” director requests; verifying payments safely. |
| 4. Passwords and authentication | Strong, unique passwords, password managers and multi-factor authentication (MFA), in plain language. |
| 5. Social engineering | How attackers manipulate by phone, message and in person — and how to resist pressure tactics. |
| 6. Ransomware and malware | How infections spread, the warning signs, and what to do if something looks wrong. |
| 7. POPIA and data protection | Handling personal information responsibly, your obligations, and recognising a reportable breach. |
| 8. Safe device and remote work | Securing laptops and phones, public Wi-Fi risks, and good habits for hybrid teams. |
| 9. Reporting and response | A simple “see something, say something” routine so incidents are flagged early, not hidden. |
Outlines are tailored to your sector and systems — a finance team focused on payment fraud and a customer-service team handling personal data leave with different priorities.
Want this scoped to your team’s systems and risks? Request a quote or a free 15-minute callback. Phone 011-882-8853 or use the BOTI booking page, and ask for our free Phishing Red-Flags Checklist — a one-page guide your staff can pin up and use from day one.
Why awareness training is the highest-leverage security spend
Of all the ways to reduce cyber risk, training your people gives the fastest, broadest return. Software stops known threats; trained staff stop the social-engineering attacks designed to slip past it — and the same alertness defends email, payments, passwords, devices and personal data across the whole business. Documented, regular training also helps demonstrate you took reasonable steps to protect personal information under POPIA, and a focused programme equips a team in a day. For most South African organisations, this is the single most cost-effective layer in a security strategy — the natural complement to your IT controls.
Delivery formats and national reach
You choose the format that fits your team:
- In-house / on-site at your premises — usually the most cost-effective option for a group, built around your own systems, policies and real examples.
- Off-site at a venue in a major centre — for teams that prefer to train away from daily interruptions.
- Virtual / remote instructor-led — efficient for distributed and hybrid teams, with no travel cost and a fully interactive session.
BOTI delivers across Johannesburg, Cape Town, Durban and Pretoria, with remote delivery nationwide — so head office, branch and remote staff all reach the same standard.
Accreditation
Cybersecurity awareness is delivered as a practical, facilitator-led skills programme aimed at immediate behaviour change; delegates receive a BOTI certificate of completion (this is not an accredited qualification). Attendance is documented cleanly so the training records into your Annual Training Report (ATR) as staff development, with evidence of POPIA-related staff awareness. Need accredited training? Ask about BOTI’s QCTO/SETA-accredited programmes in related areas such as Business Administration and Office Administration. BOTI is an accredited training provider — Services SETA 12582, MICT SETA ACC/2016/07/0045, and a QCTO Quality Partner. Tell us your reporting objective and we will recommend the right structure.
Funding: turn your Skills Development budget into protection and B-BBEE points
Security-awareness training is staff development, so the spend can work inside your existing skills-development planning. As general guidance only:
- Employers above the threshold pay the Skills Development Levy (SDL) at 1% of payroll. Training delivered to your staff is captured in your Workplace Skills Plan (WSP) and Annual Training Report (ATR), supporting your mandatory-grant claim.
- The B-BBEE skills-development target is measured against 6% of the leviable amount — not 6% of payroll — so planned, documented team training also contributes to your transformation scorecard.
Where skills development supports tender readiness, note that the PPPFA 2022 regulations score “specific goals” — such as HDI ownership (race, gender and disability) and RDP objectives — rather than a generic B-BBEE level, and the Public Procurement Act 28 of 2024 introduces set-asides. This is general information, not financial or legal advice — confirm specifics with your SETA, SDF or B-BBEE verification professional.
Why BOTI
BOTI is an accredited South African corporate training provider with 450 courses and a client base that includes Sasol, Glencore and the City of Johannesburg. We deliver practical, benefit-led training for whole teams — in-house, off-site or remote — tailored to the threats, systems and policies your people actually face. For security awareness, that practicality is the point: your team leaves able to spot and stop a real attack.
Cybersecurity awareness rarely sits alone. Most clients pair it with related programmes:
- POPIA compliance training — the data-protection obligations awareness training helps you meet.
- Compliance training — a broader governance and risk foundation across the business.
- Microsoft Office training — the everyday digital skills where safe email and file habits matter most.
- In-house and on-site training — group delivery with clean attendance records for your ATR.
- The full BOTI course range — management, finance, HR, admin and compliance training for teams.
Frequently asked questions
What is cybersecurity awareness training?
It is practical training that teaches your staff to recognise and resist the everyday cyber-attacks that target people rather than systems — phishing emails, fake invoices and banking-detail scams, password theft, ransomware and social engineering. Delegates learn to pause, verify and report, and to handle personal information in line with POPIA. No technical background is required.
Do our staff need an IT or technical background?
No. The course is designed for everyday business users — finance, admin, sales, HR, operations and customer-service staff — not for IT specialists. It focuses on practical habits and judgement, explained in plain language, so the whole team can apply it.
How does this training help with POPIA compliance?
Under POPIA your organisation must take reasonable steps to protect personal information, and staff awareness is a recognised part of that. This course trains your people to handle personal data responsibly and to recognise a reportable breach, while documented attendance gives evidence that staff have been trained. It is general guidance, not legal advice — confirm your obligations with your information officer.
Can the cybersecurity awareness course be delivered at our offices or online?
Yes. BOTI delivers in-house at your premises, off-site at a venue, or via live online instructor-led sessions for distributed and hybrid teams. We cover Johannesburg, Cape Town, Durban and Pretoria, with remote delivery available nationwide. In-house group delivery is usually the most cost-effective for a team.
Does cybersecurity awareness training count toward our skills development spend?
Yes. Training delivered to your staff is captured in your Workplace Skills Plan and Annual Training Report, supporting your mandatory-grant claim, and contributes to the B-BBEE skills-development target measured against 6% of the leviable amount (not 6% of payroll). This is general guidance — confirm specifics with your SETA, SDF or B-BBEE verification professional.
Request a quote or a 15-minute callback
Turn your people from your biggest security risk into your strongest defence. Request a quote or book a free 15-minute callback and a BOTI consultant will scope a cybersecurity awareness course around your team’s systems, sector and risks. Call 011-882-8853 or ask for our free Phishing Red-Flags Checklist — a one-page guide your staff can use from day one.