Security Awareness Training Built for Your Industry
Generic compliance videos do not survive contact with a real workforce. Pick the industry that matches your team. Get the threat patterns, exercises, and compliance mappings that actually apply.
By Dmytro Koziatynskyi Last reviewed
Healthcare
HIPAA-aligned interactive training for hospitals, clinics, and PHI-handling workforces. Covers phishing, ransomware, BEC, and breach response.
Financial Services
Audit-ready interactive training for banks, credit unions, broker-dealers, and fintechs. Covers BEC, wire fraud, deepfake CEO calls, and 23 NYCRR 500 evidence.
Government & Public Sector
CMMC, FedRAMP, and NIST 800-171 aligned training for federal, state, local, and contractor workforces. Covers nation-state phishing, ransomware, and CUI handling.
Manufacturing
OT-aware interactive training for plants, suppliers, and defense contractors. Covers ransomware, BEC, vendor impersonation, USB drops, and CMMC evidence.
Retail & E-commerce
PCI DSS v4.0-aligned interactive training for store staff, e-commerce engineers, and customer-service teams. Covers BEC, e-skimming, gift-card fraud, and OAuth abuse.
Education
FERPA-aligned interactive training for K-12 districts, universities, and ed-tech teams. Covers ransomware, BEC, smishing, phishing, and student-data handling.
Legal Services
ABA-aligned interactive training for law firms, in-house legal, and paralegal teams. Covers BEC wire fraud, trust-account redirection, phishing, and client-confidentiality scenarios.
SaaS & Technology
SOC 2 and ISO 27001-aligned interactive training for SaaS, AI product teams, and cloud engineering. Covers production credential phishing, OAuth abuse, prompt injection, and AI coding assistant data leakage.
Managed Service Providers
CIS Controls and CMMC-aligned interactive training for MSPs and their client workforces. Covers RMM credential phishing, ransomware blast radius, vendor-impersonation vishing, and tech-support scams.
Non-Profit
Donor-trust-aware interactive training for non-profits, NGOs, and charitable foundations. Covers donor-fund BEC, gift-card scams, ransomware on small NGOs, and phishing for donor-database credentials.
What Is Industry-Specific Security Awareness Training?
Industry-specific security awareness training is a workforce education program that aligns scenario practice, exercise selection, and audit reporting with the threat patterns and regulations that apply to a specific vertical. Healthcare workforces face HIPAA, vendor impersonation, and ransomware on hospital networks. Financial services face GLBA, PCI DSS, and BEC fraud. Manufacturing faces OT remote-access risk and supply-chain compromise.
Effective programs do three things: they map exercises to the controls auditors actually review, they prioritize threats statistically most likely to land on the workforce, and they produce evidence packages aligned with the audit framework. Generic compliance videos technically check the training box but rarely change behavior because the scenarios feel disconnected from the day-to-day work.
RansomLeak publishes the same 100+ exercise catalogue across all 10 supported industries. The differences sit in the assignment template, the compliance mapping, and the recommended exercise sequence. Each industry page below lists the threat patterns, regulatory frameworks, and featured exercises that apply, with audit-ready SCORM exports for any LMS.
How we built the industry programs
Each industry page draws on three inputs: the public threat record (HHS HC3, FBI IC3, CISA, sector ISACs), the regulatory and audit framework (HIPAA, GLBA, PCI DSS, NIST 800-171, ISO 27001, NIS2), and the buyer interviews behind every RansomLeak deployment in that vertical. The result is a recommended exercise sequence that maps to controls auditors actually inspect, not a generic compliance video repackaged for a new logo.
Threat patterns rotate fast. Healthcare ransomware moved from opportunistic to vendor-impersonation through 2023 and 2024. Financial services BEC shifted from CEO fraud to payroll diversion as DMARC adoption climbed. Manufacturing intrusions now arrive through unmonitored OT remote-access portals as often as through phishing. The featured exercises on each industry page are reordered when the dominant pattern shifts so new hires drill the threats their workforce will actually encounter, not the playbook from two years ago.
Compliance mapping is the second axis. Each industry page lists the regulations that drive the buying decision and the specific control IDs each exercise satisfies. Healthcare maps to 45 CFR § 164.308(a)(5) Security Awareness and Training. Financial services maps to GLBA Safeguards Rule, 23 NYCRR Part 500, and PCI DSS 4.0 Requirement 12.6. Manufacturing maps to NIST 800-171 3.2 and CMMC Level 2 AT.L2-3.2.1. Auditors get the evidence; security leaders get behavior change.
Frequently Asked Questions
What buyers ask before picking an industry program.
Why does industry-specific security awareness training matter?
Can the catalogue be assigned by industry?
How does compliance mapping work?
Do you have content in regulated languages?
How are these pages different from the Catalogue?
Not Sure Which Program Fits?
Book a 30-minute walkthrough. Bring your audit framework and LMS. We will map the right exercises to your workforce.