Security Awareness Training Built for Your Industry
Pick the industry that matches your workforce. Each guide covers the threat patterns, exercises, and compliance mappings that actually apply.
Healthcare
HIPAA-aligned interactive training for hospitals, clinics, and PHI-handling workforces. Covers phishing, ransomware, BEC, and breach response.
Read the guide
Financial Services
Audit-ready interactive training for banks, credit unions, broker-dealers, and fintechs. Covers BEC, wire fraud, deepfake CEO calls, and 23 NYCRR 500 evidence.
Read the guide
Government
CMMC, FedRAMP, and NIST 800-171 aligned training for federal, state, local, and contractor workforces. Covers nation-state phishing, ransomware, and CUI handling.
Read the guide
Manufacturing
OT-aware interactive training for plants, suppliers, and defense contractors. Covers ransomware, BEC, vendor impersonation, USB drops, and CMMC evidence.
Read the guide
Retail
PCI DSS v4.0-aligned interactive training for store staff, e-commerce engineers, and customer-service teams. Covers BEC, e-skimming, gift-card fraud, and OAuth abuse.
Read the guide
Education
FERPA-aligned interactive training for K-12 districts, universities, and ed-tech teams. Covers ransomware, BEC, smishing, phishing, and student-data handling.
Read the guide
Legal Services
ABA-aligned interactive training for law firms, in-house legal, and paralegal teams. Covers BEC wire fraud, trust-account redirection, phishing, and client-confidentiality scenarios.
Read the guide
SaaS
SOC 2 and ISO 27001-aligned interactive training for SaaS, AI product teams, and cloud engineering. Covers production credential phishing, OAuth abuse, prompt injection, and AI coding assistant data leakage.
Read the guide
MSPs
CIS Controls and CMMC-aligned interactive training for MSPs and their client workforces. Covers RMM credential phishing, ransomware blast radius, vendor-impersonation vishing, and tech-support scams.
Read the guide
Non-Profit
Donor-trust-aware interactive training for non-profits, NGOs, and charitable foundations. Covers donor-fund BEC, gift-card scams, ransomware on small NGOs, and phishing for donor-database credentials.
Read the guide
How we built the industry programs
Each industry page draws on three inputs: the public threat record (HHS HC3, FBI IC3, CISA, sector ISACs), the regulatory and audit framework (HIPAA, GLBA, PCI DSS, NIST 800-171, ISO 27001, NIS2), and the buyer interviews behind every RansomLeak deployment in that vertical. The result is a recommended exercise sequence that maps to controls auditors actually inspect, not a generic compliance video repackaged for a new logo.
Threat patterns rotate fast. Healthcare ransomware moved from opportunistic to vendor-impersonation through 2023 and 2024. Financial services BEC shifted from CEO fraud to payroll diversion as DMARC adoption climbed. Manufacturing intrusions now arrive through unmonitored OT remote-access portals as often as through phishing. The featured exercises on each industry page are reordered when the dominant pattern shifts so new hires drill the threats their workforce will actually encounter, not the playbook from two years ago.
Compliance mapping is the second axis. Each industry page lists the regulations that drive the buying decision and the specific control IDs each exercise satisfies. Healthcare maps to 45 CFR § 164.308(a)(5) Security Awareness and Training. Financial services maps to GLBA Safeguards Rule, 23 NYCRR Part 500, and PCI DSS 4.0 Requirement 12.6. Manufacturing maps to NIST 800-171 3.2 and CMMC Level 2 AT.L2-3.2.1. Auditors get the evidence; security leaders get behavior change.
Frequently Asked Questions
What buyers ask about industry programs.
Why does industry-specific security awareness training matter?
Can the catalogue be assigned by industry?
How does compliance mapping work?
See RansomLeak in Action
Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.