FAQS

FREQUENTLY ASKED QUESTIONS

Choosing the right training experience or service often comes with questions. To make things straightforward, we have gathered answers to the most frequently asked questions across our programmes, events, and consultancy work.

This page acts as a central hub, helping you find key information without needing to search through multiple pages. Each section below relates to a specific area of what we offer, so you can go straight to what is relevant to you. If you cannot find what you are looking for, feel free to contact the team. We are always happy to provide more detail.

Consultancy Services

Corporate Development

Consultancy Services

Martyn's Law Consultancy & Compliance Support

What is Martyn’s Law?

Martyn’s Law, officially known as the Terrorism (Protection of Premises) Bill, is a proposed UK law designed to enhance security measures in publicly accessible venues. Named after Martyn Hett, a victim of the 2017 Manchester Arena attack, the law aims to ensure that venues implement appropriate protective measures to reduce the risk of harm from terrorism. It introduces a structured framework requiring businesses to assess threats, develop emergency response plans, and train staff to handle potential security incidents effectively.

Why is Martyn’s Law being introduced?

Martyn’s Law is being introduced in response to the growing threat of terrorism and the lessons learned from past attacks. Following incidents such as the Manchester Arena bombing, it became clear that many public venues lacked structured security measures and preparedness. The law is designed to create a consistent, legally enforceable approach to security across the UK, ensuring that businesses take proactive steps to protect the public and improve their emergency response capabilities.

Which venues will be affected by Martyn’s Law?

Martyn’s Law will apply to a wide range of publicly accessible venues, including entertainment venues, shopping centres, bars, restaurants, hotels, museums, stadiums, places of worship, and transport hubs. It also covers temporary events, such as festivals and concerts, provided they meet the criteria set out by the legislation. The law is designed to ensure that any location where large numbers of people gather has appropriate security measures in place.

How is Martyn’s Law structured?

The legislation applies a tiered system based on venue capacity. The Standard Tier applies to venues with a capacity of 100 to 799 individuals and requires them to conduct basic threat assessments, implement proportionate security measures, and train staff in emergency response. The Enhanced Tier applies to venues with a capacity of 800 or more and includes additional requirements such as more detailed security plans, the appointment of a designated security officer, and stricter compliance monitoring.

What are the key requirements for Standard Tier venues?

Venues in the Standard Tier must conduct a basic risk assessment to identify potential threats and vulnerabilities. They must also implement proportionate security measures, such as controlled access points, emergency response procedures, and staff awareness training. While these requirements are designed to be low-cost and practical, they are legally enforceable and intended to improve venue preparedness for potential attacks.

What additional requirements apply to Enhanced Tier venues?

Enhanced Tier venues must undertake more detailed risk assessments, develop comprehensive security plans, and implement stricter security measures, including access control, CCTV surveillance, and regular staff training. These venues must also appoint a designated security officer responsible for overseeing compliance with Martyn’s Law. Additionally, they are required to maintain thorough records of their security practices and be prepared for inspections to demonstrate compliance.

When will Martyn’s Law come into effect?

As of now, Martyn’s Law is still progressing through the legislative process in Parliament. The law is expected to come into effect in 2025, with an implementation period allowing businesses time to comply with the new requirements. However, venues are encouraged to begin preparations now to ensure they are ready when the law is enforced.

How can venues prepare for Martyn’s Law?

Venues can prepare by conducting internal risk assessments, reviewing their emergency response plans, and training staff on security awareness and crisis management. Businesses should also consider consulting with security experts to ensure their measures align with the forthcoming legal requirements. By taking proactive steps now, venues can avoid last-minute compliance challenges and strengthen their overall security framework.

What happens if a venue does not comply with Martyn’s Law?

Non-compliance with Martyn’s Law could result in serious consequences, including fines, legal penalties, or even forced closure in extreme cases. Regulatory bodies will have the authority to inspect venues and enforce compliance through audits and risk assessments. Businesses that fail to meet the required security standards may also face reputational damage and loss of public trust.

Will Martyn’s Law apply to temporary events?

Yes, Martyn’s Law will apply to temporary events that meet the capacity thresholds outlined in the legislation. This includes festivals, concerts, and public gatherings where security risks are present. Event organisers will need to assess potential threats, implement appropriate security measures, and train staff or volunteers on emergency response procedures to comply with the law.

Are there official resources available to help businesses comply with Martyn’s Law?

Yes, venues can access guidance from official sources such as the UK government’s ProtectUK website, which provides information on counter-terrorism security planning. The Security Industry Authority (SIA) and local authorities will also offer advice and training opportunities to help businesses meet the requirements of Martyn’s Law. Consulting with security professionals like Who Dares Group, who specialise in counter-terrorism planning, is also a valuable step for ensuring full compliance. Contact us today to schedule a consultation with one of our experts.

How will Martyn’s Law be enforced?

Martyn’s Law will be enforced through a regulatory body, which will have the authority to conduct inspections, review compliance documentation, and issue penalties for non-compliance. Enhanced Tier venues, in particular, will be subject to regular assessments to ensure they are adhering to security requirements. The goal is to create a standardised security culture across all public venues, rather than relying on voluntary compliance.

Hostile Environment Awareness Training (HEAT)

What is Hostile Environment Awareness Training (HEAT)?

HEAT is a specialised training programme that prepares individuals to operate safely in high-risk or unpredictable environments. It covers risk assessment, personal security, situational awareness, emergency first aid, crisis response, and survival strategies to help participants handle potential threats and challenges.

Who should take HEAT training?

HEAT is designed for anyone who may work or travel in unstable or high-risk areas, including journalists, humanitarian aid workers, corporate professionals, security personnel, and government staff. It is particularly valuable for those operating in regions affected by conflict, civil unrest, crime, or natural disasters.

What does a HEAT course include?

A HEAT course includes a mix of classroom learning and practical exercises. Key topics include personal safety, threat recognition, conflict avoidance, emergency medical care, kidnap survival, navigation, and crisis management. Realistic scenario-based training ensures participants gain hands-on experience in handling high-pressure situations.

How long does a HEAT course last?

The duration of HEAT courses varies, but most run between three to five days. Some providers offer intensive short courses, while others include extended sessions with advanced simulations and in-depth training.

Do I need prior experience to attend a HEAT course?

No prior experience is required. HEAT courses are designed for individuals of all backgrounds and experience levels. The training provides foundational security awareness and practical skills, making it suitable for beginners as well as those with previous field experience.

How physically demanding is HEAT training?

HEAT training involves practical exercises and role-playing scenarios but does not require extreme physical fitness. Participants are encouraged to engage at a level they are comfortable with. Training providers ensure the course is accessible to people of different physical abilities while still maintaining realistic learning conditions.

How often should HEAT training be refreshed?

It is recommended to refresh HEAT training every year. Security threats and best practices evolve over time, so regular refresher courses help ensure that participants remain up to date and confident in their crisis response skills.

Is HEAT training relevant for corporate professionals?

Yes, corporate professionals who travel to emerging markets, politically unstable regions, or areas with heightened security risks can greatly benefit from HEAT training. The course equips them with essential skills for assessing threats, responding to emergencies, and ensuring their personal safety while abroad.

How does HEAT differ from HEFAT?

HEFAT (Hostile Environment and Emergency First Aid Training) is an extended version of HEAT that includes a greater focus on emergency medical response. While HEAT covers general security awareness and survival skills, HEFAT places additional emphasis on trauma care, treating injuries in hostile environments, and life-saving first aid techniques.

How can I enroll in a HEAT course with Who Dares Group?

To enroll in a HEAT course with Who Dares Group, you can visit our official website or get in touch with our training team directly. We offer tailored courses for individuals and organisations, with flexible training options designed to meet specific security needs and operational requirements.

Cyber Consulting

What is cybersecurity consultancy?

Cybersecurity consultancy is a professional service that helps organisations identify, understand, and mitigate the risks associated with cyber threats. This involves more than just installing software or firewalls; it’s about building a structured, strategic approach to information security. Consultants assess vulnerabilities in systems, networks, and processes, and provide tailored guidance on how to reduce exposure to threats such as phishing, malware, ransomware, insider breaches, and data loss.

A good cybersecurity consultant will also support incident response planning, help build a security-focused culture, and ensure that leadership understands its role in protecting the business. This support can range from risk assessments and employee training to technical testing and compliance advice. It’s especially important for organisations without a full-time internal security team, or for those who need outside expertise to stay ahead of evolving threats.

What does cyber threat awareness involve?

Cyber threat awareness involves educating individuals within an organisation, especially those in high-access or decision-making roles, about the nature of modern cyber threats, how they work, and what can be done to avoid them. It’s not just training for IT teams; it applies to everyone, from reception staff to the boardroom. Effective awareness programmes focus on real-world threats such as phishing, business email compromise, social engineering, ransomware, and insider risks. The goal is to help people recognise red flags, respond appropriately in high-pressure situations, and avoid becoming an entry point for attackers. The best programmes are role-specific and reflect the actual threat landscape the business operates in.

Why is cybersecurity important at leadership level?

Business leaders and decision-makers are prime targets for attackers because of the level of access they hold and the influence they have over systems, people, and funds. Executives are regularly impersonated in phishing campaigns or directly targeted with tailored attacks like spear phishing or CEO fraud. A successful compromise at this level can lead to large financial losses, data breaches, or long-term reputational damage.

How does Who Dares Group approach cyber threat awareness?

Founded by UK Special Forces veterans, Who Dares Group take a practical, role-specific, and data-driven approach to cyber threat awareness. We mainly focus on how attacks actually happen and how organisations can reduce their exposure through informed decisions and better behaviour. Who Dares Group deliver tailored sessions based on real-world threat scenarios, decision-making pressure, and human factors, ensuring the material is relevant, engaging, and applicable from day one. We also draw on a global network of cybersecurity experts, including penetration testers, behavioural analysts, and strategic advisors. This allows us to provide end-to-end cyber threat awareness consultancy, covering everything from technical risk validation and internal reviews to incident planning and ongoing advisory support. To find out more about our offerings and packages, contact a member of our team today to arrange a free, no-obligation consultation.

What are the most common cyber threats businesses face today?

The most common cyber threats affecting UK businesses today include:

  • Phishing and social engineering: fake emails, messages, or phone calls that trick staff into clicking malicious links or giving up sensitive information.
  • Ransomware: malicious software that locks files or systems and demands payment, often with the threat of data exposure.
  • Business Email Compromise (BEC): attackers impersonate executives or suppliers to trick employees into transferring funds or sending confidential data.
  • Insider threats: threats that come from within the organisation, either from malicious insiders or careless staff with access to critical systems.
  • Credential theft: stolen passwords used to access accounts, often through phishing, reused credentials, or poorly secured systems.
  • Denial-of-Service (DoS/DDoS) attacks: overloading systems or websites to disrupt business operations and identify vulnerabilities.
  • Unpatched software vulnerabilities: attackers exploit known weaknesses in outdated software or systems.
  • Supply chain attacks: threats introduced through third-party vendors, service providers, or software integrations.

Each of these threats poses a unique challenge, and most successful attacks involve a mix of technical and human weaknesses. This is why threat awareness, technical controls, and leadership involvement are essential to avoiding or at least mitigating the risks.

The majority of successful cyber attacks involve human error. Phishing emails are opened, links are clicked, credentials are entered, and attackers get in, not through systems, but through people. Reducing human-related cyber risk means building consistent awareness, enforcing clear processes, and creating a culture of vigilance and accountability. This may involve regular training tailored to specific roles, real-world scenario exercises, and practical protocols for verifying communications and escalating concerns. Organisations should also limit unnecessary access to sensitive systems and ensure staff know how to recognise and respond to suspicious activity. The goal isn’t to turn every employee into a cybersecurity expert, it’s to give people the tools and confidence to make better decisions.

What’s the difference between cybersecurity consultancy and IT support?

Cybersecurity consultancy is focused on risk: identifying it, understanding it, and reducing it. Consultants look at how systems, behaviours, and business processes expose an organisation to threats, and they provide expert guidance on how to mitigate that risk. IT support is operational: it’s about keeping systems running, fixing issues, managing updates, and ensuring availability. In short: IT keeps the lights on; cybersecurity consultancy makes sure no one breaks in while you’re not looking.

Can small businesses benefit from cyber threat awareness training?

Yes, and arguably they need it more than most. Small businesses are often viewed as easy targets by attackers, as they typically lack in-house security expertise, mature controls, or dedicated risk assessment teams. Yet they still hold valuable data, process payments, and rely on digital systems to operate. Cyber threat awareness training helps small businesses understand where they’re exposed and what can realistically be done to improve defences.

What is penetration testing and when should it be used?

Penetration testing, or ethical hacking, involves simulating real-world cyber attacks on a business’s systems, applications, or networks to identify vulnerabilities, like zero-days, before attackers do. The goal is to find weak points in security, whether technical or behavioural, and to then provide a clear path to fix them. Pen tests are most useful when launching new systems, after infrastructure changes, or on a routine basis as part of a security audit cycle. They should also follow cyber threat awareness training or policy changes to test how well defences hold up in practice. Who Dares Group offers this through trusted global partners, ensuring testing is realistic, controlled, and relevant to each client’s environment.

What is social engineering in cybersecurity?

Social engineering is the manipulation of people to gain access to systems, data, or resources, usually by exploiting trust, authority, urgency, or fear. It’s the human side of hacking and it’s behind many high-profile breaches. Examples include phishing emails, fraudulent calls pretending to be from IT or finance teams, or attackers posing as trusted third parties. The goal is always the same: to get someone to do something they shouldn’t, like clicking a malicious link, sharing credentials, or transferring money. Protecting against social engineering requires awareness, process discipline (e.g. two-person approvals, verbal verification), and a culture that encourages caution over convenience.

How does Who Dares Group support organisations beyond cyber threat awareness training?

While training is a core part of our service, Who Dares Group also support organisations with strategic advisory, executive briefings, response planning, and technical risk validation. Our approach isn’t limited to education; it’s about building long-term resilience. We work directly with leadership teams to assess the level of exposure, develop security strategies, and support policy alignment across departments. We also help implement clear escalation paths and decision frameworks, ensuring the business is prepared for the threats it’s most likely to face.

What is the role of behaviour in cybersecurity risk?

Behaviour is at the centre of most cybersecurity incidents. Whether it’s an employee clicking a link, ignoring an alert, using a weak password, or oversharing access, people are often the entry point. Even advanced technical defences can be bypassed by a single poor decision. That’s why cyber threat awareness, particularly around manipulation tactics, urgency triggers, and authority misuse is critical. Cybersecurity isn’t just about systems; it’s about people understanding how they’re targeted and knowing how to act under pressure. Organisations that train for behaviour, not just process, are far better equipped to spot threats early and respond correctly.

Superyacht Training

What makes Who Dares Group’s superyacht crew training different from standard crew training?

Who Dares Group provides advanced training focused on areas that standard certification does not cover. This includes decision-making under pressure, communication, professional conduct, and team cohesion. The training is not about basic skills or qualifications, it is about improving how the crew think, act, and work together on board.

Why should a superyacht owner invest in this type of training if their crew are already technically qualified?

Qualified does not necessarily mean capable. Your crew may be fully certified, but standard training does not cover how individuals perform under pressure, communicate in difficult situations, or work together consistently over time. Who Dares Group fills those gaps. Our programme helps owners ensure that the crew operate as a high-functioning team, one that is composed, coordinated, and professional in every aspect of their day-to-day responsibilities. It focuses on judgement, conduct, leadership, communication, and security awareness, areas that directly affect guest experience, operational reliability, and crew retention. In short, the training is not about ticking boxes. It’s about raising standards and making sure the crew deliver when it actually counts.

What specific challenges does the training aim to address?

The training provided by Who Dares Group is designed to address specific crew-related challenges that are not covered by standard certification. These include lack of trust within newly formed or mixed-experience teams, inconsistent communication and unclear role boundaries, weak leadership or oversight from senior crew, poor judgement under pressure, low standards of conduct and presentation, and lack of awareness around security and threats. The goal is to strengthen crew performance across all these areas to ensure consistency, professionalism, and operational reliability.

Is this training only for new or inexperienced crews?

No, this training is not limited to new or inexperienced crews. It is designed for any crew where performance, coordination, or standards need to be improved or maintained. For newly formed teams, the training helps build trust, establish expectations early, and develop effective communication from the outset. For experienced crews, it helps address complacency, reset standards, and improve leadership, especially in high-pressure or high-turnover environments. It’s also valuable during periods of change, such as the delivery of a new build, refit handovers, or ahead of a busy charter season, when clear structure, consistency, and cohesion matter most. In short, the training is about improving performance, regardless of experience level.

What does the training cover?

The training delivered by Who Dares Group covers six key areas, each aimed at improving how crew operate, communicate, and perform in demanding settings.

  • Behaviour, judgement, and decision-making: crew are trained to remain calm under pressure, make sound decisions, and act with discretion. This helps prevent errors, improve consistency, and build trust across the team.
  • Security awareness through practical scenarios: realistic, role-specific scenarios are used to train crew in identifying and responding to threats such as unauthorised access, surveillance, or social engineering. The focus is on early detection and controlled escalation.
  • Communication, team coordination, and hierarchy: training develops clarity and consistency in communication, with a strong focus on rank structure, accountability, and cross-department coordination to reduce friction and prevent misunderstandings.
  • Conduct and role expectations: clear standards are reinforced around behaviour, presentation, confidentiality, and guest interaction. Crew are expected to maintain professionalism on and off duty.
  • Leadership and crew stability: senior crew are supported in managing teams effectively, retaining staff, and maintaining performance through transitions such as role changes or handovers.
  • Maintaining standards over time: routine checks, refresher sessions, and internal follow-up are used to ensure that improvements are sustained, not temporary, and that standards become part of daily practice.

Each area is tailored to the crew’s composition and the yacht’s operational priorities, ensuring relevance and measurable outcomes.

How does Who Dares Group ensure the training remains relevant over time?

Who Dares Group ensures the training remains relevant over time by embedding follow-up and reinforcement into the process, not treating it as a one-off session. We offer refresher sessions, periodic reviews, and ongoing support for senior crew to help maintain momentum. Crew are also given practical tools and habits that can be applied day-to-day, ensuring key behaviours and standards are reinforced through normal operations. Rather than relying on formal retraining alone, we focus on creating sustainable routines, clear expectations, and internal accountability, so that the impact of the training is maintained well beyond initial delivery.

How is the training delivered?

The training is delivered in person, either on board or off site, depending on the vessel’s availability and client preference. Delivery is hands-on and structured around practical exercises, scenario-based learning, and direct interaction with the crew. Each session is tailored to the yacht’s operational priorities, crew composition, and working environment. The format avoids classroom-based theory and instead focuses on relevant, role-specific situations that reflect real challenges crew are likely to face. Training can be delivered over one or multiple days, with minimal disruption to schedules.

How long does the training take?

The training typically takes one to three days, depending on the size of the crew, the layout of the vessel, and the areas of focus identified during the initial briefing. Shorter programmes may focus on specific issues like communication or leadership, while full crew training covering all six focus areas is usually delivered over multiple days. Follow-up sessions, refreshers, or departmental training can also be arranged separately to support long-term performance and continuity.

What are the benefits of this training for senior crew?

Senior crew benefit from the training by gaining clearer structure around leadership, team management, and day-to-day coordination. The programme reinforces the chain of command and provides practical tools to help senior members of the crew set expectations, manage performance, and guide less experienced crew effectively. It also improves communication across departments, reducing confusion and inefficiency. For vessels experiencing changeovers or onboarding, the training supports continuity and helps maintain standards during periods of transition. Ultimately, it enables senior crew to lead with more confidence and consistency, which contributes to a more stable, professional, and high-functioning team.

How does this training affect crew morale and retention?

The training provided by Who Dares Group positively affects crew morale and retention by creating a more professional, structured, and cohesive working environment. When expectations are clear, communication is consistent, and roles are properly understood, crews are less likely to experience conflict or frustration. The training also helps individuals feel more confident in their roles, better supported by leadership, and more integrated as part of a functioning team. This reduces unnecessary turnover, improves job satisfaction, and encourages long-term commitment, especially in environments where stability and trust are essential to smooth operations.

Corporate Development

Team Development & Activities

Who is this training designed for?

Our programmes are tailored for corporate teams, emergency responders, and high-performance groups looking to develop leadership, resilience, and teamwork under pressure.

Do participants need prior experience?

No prior experience is required. Our training is designed to challenge all levels, from new teams to seasoned professionals.

Can the programme be customised for our team?

Yes, we offer a flexible structure where you can select sessions that align with your team’s goals, ensuring a bespoke training experience.

What type of activities can we expect?

Activities range from military-style team challenges and leadership simulations to stress management workshops and crisis decision-making exercises.

How long does the training last?

Our training is fully flexible — from impactful one-day experiences to multi-month development programmes. We tailor the duration to suit your team’s goals, availability, and desired depth of learning.

Keynote Talks

Who are your keynote speakers?

Our speakers include former Special Forces operators, military strategists, elite sports coaches, hostage negotiators, and corporate leaders. Every speaker has real-world experience in high-pressure environments and delivers insights that go beyond theory.

How long are the keynote talks?

Most of our keynotes run for 60 minutes, but we can adjust the length to suit your event. We also offer extended sessions with interactive Q&As, workshops, or panel discussions.

Can the keynote topics be customised?

Yes. We tailor our talks to align with your audience, business goals, and event theme. Whether it’s leadership, resilience, crisis management, or performance psychology, we ensure the content is relevant and impactful.

Do you offer virtual keynote talks?

Yes. Our speakers can deliver keynotes both in-person and virtually, ensuring accessibility for global teams and remote events.

How do I book a Who Dares Group keynote speaker?

Get in touch with us to discuss your event, audience, and objectives. We’ll help you select the right speaker and format to ensure maximum impact.

Immersive Experiences

Who are these experiences designed for?

Our events are designed for corporate leadership teams, high-performance groups, and executives who want to develop decision-making, adaptability, and teamwork through real-world challenges.

Do participants need to be physically fit?

No. We offer non-physical options that focus on leadership, problem-solving, and strategic thinking without requiring physical challenges.

How long do the events last?

Most sessions run as full-day experiences, but we also offer half-day and multi-day programmes depending on your team’s needs.

What kind of challenges will our team face?

Challenges are tailored to your organisation but can include crisis leadership exercises, risk assessment scenarios, situational awareness training, and optional live shooting experiences.

Can the experience be customised to our business needs?

Yes. Every event is fully tailored to align with your business goals, industry challenges, and level of intensity.