PROCEDURE BUILDER

Security Awareness Training Program

Define your security training cadence, phishing simulation frequency, and new hire onboarding process. Document completion tracking and non-compliance follow-up. Aligned to Beazley, Hartford, Coalition, and Travelers.

📋 What this cyber insurance requirement is

A security awareness training program for cyber insurance should define training frequency and delivery method, document phishing simulation cadence and metrics, specify new hire onboarding requirements and deadlines, outline curriculum topics covering phishing recognition, password hygiene, data handling, and social engineering prevention, and establish completion tracking with non-compliance follow-up procedures. Carriers require this evidence to verify your organization actively trains employees to recognize and respond to cyber threats.

Create your security training program below

What you'll get
  • Training Schedule (annual, semi-annual, quarterly, monthly options)
  • Training Topics & Curriculum (phishing, password, data handling, social engineering)
  • Phishing Simulation Program (frequency, metrics, follow-up process)
  • New Hire Onboarding requirements (deadline, tracking)
  • Completion Tracking method and Non-Compliance process
  • Carrier alignment (what each underwriter expects)

What carriers are looking for

Each carrier asks slightly different questions. Here are some named artifacts by carrier.

Beazley

  • Interactive social engineering training frequency
  • Phishing simulation metrics and click rates
  • Tracking of reporting behavior improvements

Hartford

  • Awareness training frequency (annual minimum)
  • Scope documentation and training execution evidence
  • Completion rates

Coalition

  • Regular security training program
  • Phishing simulation components
  • Evidence of ongoing employee awareness program

Travelers

  • Employee cybersecurity training cadence
  • Phishing awareness frequency
  • Documented training program with participation metrics

What to collect

Evidence artifacts your broker will need during the renewal process.

📊 Completion reports

Platform completion reports showing enrollment, who took training, and when, plus the percentage of employees who completed by the deadline (late completions count separately from on-time ones).

🎯 Phishing simulation results

Click rate, report rate, time-to-report, and the trend across campaigns. Shows whether employees are improving at recognizing and reporting phishing.

👤 New hire records

List of new hires from the last 12 months with hire dates and training completion dates. Shows you met the new hire deadline for each one.

📚 Curriculum documentation

Syllabus or course outline showing topics covered: phishing, passwords, data handling, incident reporting, etc.

⚠️ Non-compliance follow-up

Evidence that non-completers received reminders, escalation, or were required to take training.

📅 Annual calendar/schedule

Training schedule showing when training is delivered, phishing sims launched, and when assessments occur.

Important: What this doesn't prove

Be upfront about these gaps. Carriers appreciate honesty over overstatement.

Completion: Enrollment reports don't prove employees actually watched videos or retained information.

Effectiveness: A falling click rate doesn't prove training worked; it can also reflect employees recognizing the simulation templates, warning each other, or simulation fatigue. Report rate and time-to-report are stronger signals than click rate alone.

Currency: Content may be outdated or not aligned to the threats carriers currently ask about (ransomware, business email compromise).

Contractor coverage: Reports may not include contractors, vendors, or temporary workers with access.

Who owns what

🏢 Insured

Owns the training program (frequency, topics, budget). Responsible for compliance (ensuring all employees complete). Owns contractor and third-party inclusion policy.

🔧 Training Platform / IT Team

Owns platform (KnowBe4, Proofpoint, Cofense, etc.). Delivers training, manages phishing campaigns, generates completion and simulation reports. Tracks new hire completions.

🤝 Broker

Coordinates program design with insured. Collects completion and phishing results from IT/platform. Maps to carrier questions. Identifies gaps (e.g., low completion rates) for remediation.

Frequently Asked Questions

How often should we do phishing simulations?

Monthly is best (shows ongoing effort and allows for micro-training). Quarterly is acceptable. Semi-annual is the minimum for carriers. None is a red flag. Pair with targeted training for repeat clickers.

What topics should we cover in training?

Minimum: phishing recognition, password hygiene, data handling. Recommended: social engineering, incident reporting, remote work security, mobile security, cloud service security. Tailor to your industry and top threats (ransomware, BEC, etc.).

Do new hires need different training?

Yes. New hires should complete onboarding training within 30 days of hire (some carriers prefer 14 days). Assign them a specific course or video, then include them in recurring annual training. Track separately so you can prove timeline compliance.

What platform is best?

Carriers don't mandate a platform. KnowBe4 and Proofpoint are most common. Arctic Wolf, Cofense, and Ninjio also work. Key features: LMS for content, phishing sim engine, reporting, new hire tracking, analytics. Built-in LMS or spreadsheet tracking is minimal but acceptable.

What's a good completion rate to target?

90%+ is excellent. 75%+ is acceptable for most carriers. Below 50% is a gap; carriers will ask why employees aren't completing training. Example process: first reminder when 50% of the completion window has elapsed, an escalation email after that, and manager involvement at 80% of the window for anyone still incomplete.

Should contractors take the same training?

Yes. Any contractor or vendor with access to systems/data should complete training. Your policy should state who is in-scope and how contractors are tracked (separate list, included in platform, etc.). Carriers will ask for proof.
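The evidence artifacts above (on-time completion rate, the 50%/80% reminder and escalation trail, new hire compliance against a 30-day deadline, and phishing click/report/time-to-report trends) can be generated straight from platform and HR exports. The following is an added example, not code from this page or from any training platform: the record layouts (tuples with ISO date strings), the roster, hires and campaign figures are all constructed, and the 30-day deadline, 50% reminder and 80% escalation thresholds are the values from the FAQ above.

```python
"""Evidence metrics for a security awareness program from constructed records.

Added example; not part of the original page or any vendor platform. Record
layouts (ISO date strings, column order) are assumptions standing in for a
training-platform or HRIS export; every name, date and count is constructed.
"""
from datetime import date, timedelta
from statistics import median

NEW_HIRE_DEADLINE_DAYS = 30   # onboarding training due within 30 days of hire
REMINDER_AT = 0.5             # first reminder at 50% of the completion window
ESCALATION_AT = 0.8           # manager escalation at 80% of the window


def _d(s):
    """Parse an ISO date string; None stays None (no completion recorded)."""
    return date.fromisoformat(s) if s else None


# Constructed annual-training roster: (person, type, assigned, due, completed).
ROSTER = [
    ("alice", "employee",   "2026-01-05", "2026-02-04", "2026-01-20"),
    ("bob",   "employee",   "2026-01-05", "2026-02-04", "2026-02-10"),  # late
    ("carol", "employee",   "2026-01-05", "2026-02-04", None),          # never
    ("dave",  "contractor", "2026-01-05", "2026-02-04", "2026-01-30"),  # in scope
]

# Constructed new-hire list: (person, hire date, onboarding training completed).
NEW_HIRES = [
    ("erin",  "2025-09-01", "2025-09-15"),
    ("frank", "2025-11-10", "2026-01-05"),   # 56 days after hire: missed
    ("grace", "2026-02-01", None),           # window still open
]

# Constructed phishing campaigns: (name, sent, clicked, reported,
# minutes-to-report for each report). Three quarters so a trend exists.
CAMPAIGNS = [
    ("2025-Q3", 100, 18, 5,  [240, 90, 600, 30, 120]),
    ("2025-Q4", 100, 12, 8,  [60, 15, 200, 45, 30, 90, 25, 10]),
    ("2026-Q1", 100, 9,  12, [5, 10, 8, 20, 15, 30, 12, 25, 7, 40, 18, 9]),
]


def completion_rate(roster):
    """Share of in-scope people (contractors included) who completed BY the
    due date. A late completion counts as non-compliant for this metric."""
    on_time = sum(1 for _, _, _, due, done in roster
                  if done and _d(done) <= _d(due))
    return on_time / len(roster)


def reminder_schedule(assigned, due):
    """Dates on which the 50% reminder and 80% escalation fire."""
    start, end = _d(assigned), _d(due)
    window = (end - start).days
    return (start + timedelta(days=round(window * REMINDER_AT)),
            start + timedelta(days=round(window * ESCALATION_AT)))


def follow_up_actions(roster, as_of):
    """Map person -> 'remind' | 'escalate' | 'overdue' for anyone not done
    on the given date; this is the non-compliance evidence trail."""
    today = _d(as_of)
    actions = {}
    for person, _, assigned, due, done in roster:
        if done and _d(done) <= today:
            continue                       # already complete as of this date
        remind_on, escalate_on = reminder_schedule(assigned, due)
        if today > _d(due):
            actions[person] = "overdue"
        elif today >= escalate_on:
            actions[person] = "escalate"
        elif today >= remind_on:
            actions[person] = "remind"
    return actions


def new_hire_compliance(hires, as_of, deadline_days=NEW_HIRE_DEADLINE_DAYS):
    """Classify hires from the last 12 months as met / missed / pending."""
    today = _d(as_of)
    result = {}
    for person, hired, done in hires:
        hired_on = _d(hired)
        if hired_on < today - timedelta(days=365):
            continue                       # outside the 12-month lookback
        deadline = hired_on + timedelta(days=deadline_days)
        if done:
            result[person] = "met" if _d(done) <= deadline else "missed"
        else:
            result[person] = "pending" if today <= deadline else "missed"
    return result


def campaign_metrics(name, sent, clicked, reported, report_minutes):
    """Per-campaign click rate, report rate and median time-to-report."""
    return {"campaign": name,
            "click_rate": round(clicked / sent, 4),
            "report_rate": round(reported / sent, 4),
            "median_minutes_to_report": median(report_minutes) if report_minutes else None}


def phishing_trend(campaigns):
    """Campaign rows in order plus an 'improving' flag. A falling click rate
    alone is weak evidence (templates get recognized), so the report rate
    must also rise from campaign to campaign before the trend counts."""
    rows = [campaign_metrics(*c) for c in campaigns]
    improving = len(rows) > 1 and all(
        later["click_rate"] <= earlier["click_rate"]
        and later["report_rate"] >= earlier["report_rate"]
        for earlier, later in zip(rows, rows[1:]))
    return rows, improving
```

Run against real exports, `completion_rate` is the number to put in the completion report, `follow_up_actions` on each reminder date is the non-compliance trail, `new_hire_compliance` backs the new hire record, and the rows from `phishing_trend` are the simulation results. On the constructed data the on-time completion rate is 0.5 (bob finished late, carol never did), and the three campaigns show a falling click rate together with a rising report rate and shrinking time-to-report, which is the combination worth presenting rather than click rate alone.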

Sources (March 2026)

  • Beazley Cyber – Interactive social engineering training frequency expectations
  • Hartford Cyber – Awareness training frequency (annual minimum) and documentation
  • Coalition – Regular security training and phishing simulation program requirements
  • Travelers InsuriTech – Employee cybersecurity training cadence and phishing awareness metrics