In an era of a growing number of cyber threats and increasingly complex IT infrastructure, information and data security has become a key element of business operations. The Polish Act on the National Cybersecurity System (KSC) imposes obligations not only on IT departments but also on the management of an entity, including the management board or individuals performing managerial functions. One of the key requirements is the annual training of the management body in the scope of KSC.