Employees often do not use newly introduced security programs and functions because they do not know how to operate them and learning how to use them independently in parallel to their daily work routine is considered too time-consuming. In addition, a lack of training after the introduction of new software can result in employees operating or configuring it incorrectly and cause unnecessary delays in work processes. For this reason, it is not enough just to purchase and install (security) software. In critical IT systems and applications in particular, an operating error can result in consequences that threaten the existence of the organisation in question.