The Student Loans Company (SLC) spent £76,800 on cybersecurity training over its previous two fiscal years – including a sudden and unsurprising interest in security in a work-from-home environment.
According to the SLC's response to a Freedom of Information (FoI) Act request, which was made by self-described "niche litigation practice" Griffin Law, almost 20,000 specialist courses were booked and completed in the 2019/2020 and 2020/2021 financial years ended this April. At a total spend of just over £76,800, that's a miserly £3.84 per course – but the released figures don't necessarily cover everything.
"£77,000 may appear to be low, especially if this is distributed over two years," opined security specialist Sean Wright of the figures. "It could actually be an appropriate amount if the training which they are purchasing helps their employees and organisation.
"Companies need to spend the time to select training which is appropriate for them and their employees. Simply throwing money at the problem is not going to solve it. We've seen this in security tooling, where some companies attempt to throw loads of money on new tools but without properly evaluating those tools and ensuring that they fit the purpose for their organisation and teams. Training should be no different."
The breakdown of courses includes fees paid to third-party agencies, but not costs involved with internal training developed within SLC itself – such as an anti-money laundering course, which the overwhelming majority of the organisation's staff took in both 2019-2020 and 2020-2021.
Some courses, such as "Counter-Fraud, Bribery, and Corruption", had a roughly even number of attendees year to year. Others, including "Role of the Manager Security MasterClass", saw a spike from 20 attendees in the first financial year to 142 in the second.