Centre For Cybersecurity Institute Centre For Cybersecurity Institute
Menu
Corporate training · Professional services

Cyber awareness training for professional services

Consultancies, accountancies and agencies sell trust. One mishandled client file or compromised inbox spends years of it. We turn your team into the control your clients assume you already have.

Why professional services get targeted

These are the attack patterns we train against in this sector, drawn from live campaigns rather than textbook examples.

Client-data exposure

Your working files are your clients’ secrets: financials, deals, audits, strategies. Attackers target the advisor because the advisor holds many clients’ crown jewels at once.

Invoice and engagement fraud

Spoofed engagement letters, fake invoice updates and compromised email threads that redirect client payments or fee settlements.

AI tools leaking by default

Staff paste client material into AI tools daily. Without clear guardrails, your confidentiality obligations are one prompt away from breached.

Supply-chain entry point

Attackers increasingly compromise a firm to reach its clients. Your security posture is part of every client’s vendor risk register now.

The rules your people operate under

Training is the control every one of these frameworks expects, and our engagement report is the evidence they ask for.

PDPA

Personal data across client engagements carries protection and accountability obligations, evidenced through staff training.

Client questionnaires

Security questionnaires and vendor audits are now standard in professional services procurement. Training evidence is a recurring line item.

Cyber Essentials Mark (Singapore, CSA)

The national baseline certification many firms now pursue expects employees equipped as the first line of defence.

ISO 27001

Firms working towards ISO 27001 need an awareness and training control that actually operates, not a policy PDF.

Tailored curriculum

What we build for professional services

Everything in the core Cyber Safety workshop, live hacking demonstrations included, plus sector-specific depth:

  • Phishing and social-engineering drills built from professional-services lures
  • Client-data handling across email, cloud drives and collaboration tools
  • Safe AI use for client work: what to paste, what to keep out, and firm guardrails
  • Payment and engagement fraud scenarios for finance and partners
  • How today’s habits map to the Cyber Essentials Mark (Singapore, CSA) and ISO 27001 evidence
Always included
  • Pre-workshop consultation
  • Post-training phishing simulation
  • Before-and-after awareness measurement
  • Board-ready engagement report
  • Certificates for all participants

Measured results

+54.5%

lift in self-rated staff awareness in a single session, NPS +50 with zero detractors

SustinereSustainability consultancy, Singapore
70%

reduction in phishing incidents across recurring yearly workshops

Over the years we have seen a 70% reduction in phishing incidents, thanks to the vigilance these yearly workshops build.
200+ employee organisationRecurring annual client, Singapore

Where to start

Most firms start with a half-day pilot workshop with the simulation and report included, then step into the Essentials programme for year-round reinforcement. Sustinere, a Singapore sustainability consultancy, lifted self-rated staff awareness 54.5% in one session with this format.

Recommended for you

Pilot Workshop

Your first engagement, any team size

From S$2,800single session
  • Live 2-hour virtual (S$2,800) or half-day on-site workshop (S$5,400)
  • Curriculum tailored to your sector in a pre-workshop consultation
  • Live hacking demonstrations and hands-on exercises
  • Post-training phishing simulation with analytics
  • Board-ready engagement report and debrief

The pilot fee is credited in full against any annual programme signed within 90 days.

Scope this with us
See every programme and the cost estimator

Consulting questions, answered

We already passed a client security audit. Why train?

Audits check controls on paper; attacks test people in practice. Training closes the gap between the two, and the next questionnaire will ask for training evidence anyway.

Can the AI module reflect our own tool policy?

Yes. The pre-workshop consultation captures your approved tools and red lines, and the AI segment teaches your policy through live examples rather than abstract rules.

How does this support a Cyber Essentials Mark (Singapore, CSA) journey?

The People domain of the certification expects staff equipped against phishing and unsafe habits. Our curriculum maps to it, and the engagement report becomes part of your evidence pack.

What size firm is this for?

From boutique partnerships to hundreds of staff. Under about 50 people, a single workshop covers the firm; beyond that we split sessions by office or function and price accordingly.

Not sure where you stand? Take the free two-minute check: Do I need cyber awareness training for my team?

Ready to train your consulting team?

Book a 30-minute scoping call. We will map your headcount, sites and regulatory context to the right format and give you a clear quote.

Chat with us