Product

How security teams can make cybersecurity training more accessible

9 June 2026 · 6 min read

Cybersecurity training has to work across roles, locations, languages, devices, and levels of focus. An employee may complete a lesson on a laptop at a desk, on a shared device during a shift, in a second language, or with assistive technology. The experience still needs to be clear and consistent.

That has shaped SoSafe’s approach to Personalised Micro-learning from the start: short, relevant lessons designed for real work environments. Accessibility belongs in that same product principle. The lesson should not depend on one way of reading, listening, navigating, or interacting.

This article explains how security teams can approach accessible cybersecurity training, what to consider before rollout, and how SoSafe supports accessible e-learning.

The standards behind accessible e-learning

In European e-learning reviews,Web Content Accessibility Guidelines (WCAG) 2.1 is usually the starting point. WCAG 2.1 sets criteria for whether digital content can be perceived, operated, understood, and used reliably. It also covers use with assistive technologies and alternative ways of navigating.

Cybersecurity training often goes beyond a web-page experience. It can include lesson screens, video, audio, interactive tasks, documents, language settings, SCORM delivery, and completion records.EN 301 549 helps frame that wider setup because it applies to information and communication technology products and services. The European Commission also notes thatEN 301 549 V3.2.1 includes requirements beyond WCAG 2.1.

When accessibility appears in procurement, tenders, or internal reviews, teams need more than a broad “accessible” claim. They need to know which standard was used, which version applies, and which parts of the e-learning experience were assessed.

Build lessons people can complete independently

Accessible e-learning should let employees move through a lesson without extra support.

  • Keyboard access is one part of that. Learners need to complete the task without a mouse. Focus order should follow the visual and logical flow. Focus indicators should show where the learner is. Repeated blocks should be easy to skip. Keyboard shortcuts should not create issues that learners cannot switch off or manage.
  • Screen reader support needs the same care. Meaningful images need useful alt text. Decorative images should stay out of the way. Headings, lists, and landmarks should give the lesson a structure assistive technologies can understand.
  • Interactive elements need clear roles, names, states, and values. This is especially relevant for flipcards, drag-and-drop tasks, labelled graphic markers, and tab panels. Learners need to know what each element is, what it does, and whether its state has changed.
  • Reading order shapes the experience too. Page titles, announcement order, status messages, and live regions help learners follow changes on screen. For multilingual training, page-level and inline language attributes help screen readers pronounce content correctly.

Design for different ways of seeing and reading

A lesson that looks clear in the default view should still work when a learner changes how they view it. Some employees enlarge text. Some use high-contrast settings. Others rely on spacing, contrast, or layout changes to read comfortably.

For e-learning, the design should support resizing, zoom, readable contrast, and user display preferences. Colour should not be the only way to communicate meaning. Important text should not be locked inside images where it becomes harder to resize or interpret. Hover content should also be manageable, so learners can dismiss it or keep it visible long enough to read.

Give media and interaction more than one route

Video, audio, and interactive tasks can make cybersecurity training easier to follow. 

Video should have captions and a full-text alternative. Audio should be easy to start, stop, and control. Audio descriptions may be needed where visual information carries essential meaning. Audio narration controls should also be labelled clearly.

A learner should not have to rely on a precise mouse movement, a drag action, or a gesture to complete a core activity. Pointer actions should be possible to cancel or undo. Accessible names should match visible labels where possible. If motion-based input is used, there should be another way to complete the task.

Reduce cognitive load inside the lesson

Accessible training also depends on how easy the lesson is to follow from one screen to the next.

Navigation and labels should stay consistent. A learner should not land somewhere unexpected after focusing on a button or entering an answer. If something goes wrong, the lesson should explain the error in text and give a clear way to fix it.

Timing, flashing content, and locked screen orientation also need care. They can make a lesson harder to use for people with different cognitive, sensory, or motor needs. Input purpose should also be identifiable where relevant, so tools can support the learner.

For cybersecurity training, employees are there to practise safer decisions. The lesson mechanics should not take attention away from the behaviour you want them to build.

Validate the route employees will actually use

A lesson can work well in one environment and behave differently in another.

Many organisations deliver training through a learning management system. That can help with assignments, reminders, and records. It also means the learner experience includes more than the lesson itself. Sign-in, SCORM delivery, browser behaviour, completion tracking, and the LMS interface can all affect whether training remains easy to use.

Before rollout, it helps to follow the route employees will take. Open the course in the delivery environment. Review how the lesson behaves with the browser and LMS setup your teams use. Confirm that employees can complete the module and that records are captured as expected.

In-house content should be treated separately. A PDF with poor reading order, a video without subtitles, or a custom SCORM package with weak keyboard support brings its own accessibility issues.

How SoSafe supports accessible cybersecurity e-learning

SoSafe’s security awareness training is built around short and personalised lessons. The training uses behavioural science, gamification, and story-based learning to help employees build safer habits during the working day. Lessons can adapt to each employee’s role, behaviour, and risk level, so training feels relevant rather than generic.

Accessibility sits inside that same learning experience. A lesson should be easy to follow, but it should also work for people who read, listen, navigate, or interact in different ways. SoSafe supports this through lesson formats and features designed for real use: quiz slides, dialogue, flipcards, tiles, tabs, carousels, labelled graphics, branching formats, matching tasks, video with alternative text, result slides, navigation, audio, glossary, and external links.

SoSafe’s standard learning content has also been assessed by independent accessibility experts in collaboration with Deutsche Telekom MMS. The newest lessons and relevant lesson features were tested against EN 301 549 V3.2.1:2021, including WCAG 2.1 Level AA. The standard configuration is rated as accessible by default, which gives organisations a clearer basis for accessibility questions in tenders and internal reviews.

The assessment looked across different user needs, including low vision, no vision, motor disabilities, limited or no hearing or speech, and cognitive, language, or learning needs. In the tested areas, SoSafe’s templates were rated accessible, with good or very good accessibility across the assessed user groups.

The tested areas cover many of the details that shape the lesson experience: keyboard operation, screen reader use, reading order, visible focus, contrast, zoom and reflow, text spacing, high-contrast preferences, captions, media alternatives, controllable audio, consistent navigation, error handling, and language attributes. The test environment included Windows 11, Chrome, and JAWS 2025 with WTS extension.

SoSafe also supports larger rollouts through personalised learning paths, localisation in over 30 languages, SCORM-compliant lessons, LMS integration, reporting, and dashboards. For organisations with stricter requirements, SoSafe offers a configuration which achieves full conformity with EN 301 549 with restrictions to audio

Review your accessibility-ready learning setup with SoSafe

Speak with our team to find the setup that best supports your learners, your LMS delivery route, and your accessibility evidence needs.

Talk to SoSafe experts

Do you want to stay ahead of the cyber game?

Sign up for our newsletter to receive the latest cyber security articles, events, and resources. No spam, only content that truly matters.

Newsletter visual Hero Background

Experience our products first-hand

Use our online test environment to see how our platform can help you empower your team to continuously avert cyber threats and keep your organization secure.

The Forrester Wave™ Strong Performer 2024: Human Risk Management Solutions

This page is not available in English yet.

Diese Seite ist noch nicht in Ihrer Sprache verfügbar. Sie können auf Englisch fortfahren oder zur deutschen Startseite zurückkehren.

Cette page n’est pas encore disponible dans votre langue. Vous pouvez continuer en anglais ou revenir à la page d’accueil en français.

Deze pagina is nog niet beschikbaar in uw taal. U kunt doorgaan in het Engels of terugkeren naar de Nederlandse startpagina.

Esta página aún no está disponible en español. Puedes continuar en inglés o volver a la página de inicio en español.

Questa pagina non è ancora disponibile nella tua lingua. Puoi continuare in inglese oppure tornare alla home page in italiano.