A licensee must ensure that the board, management, employees and third parties with whom the licensee deal with undergo appropriate training on a regular basis to enhance their awareness and preparedness to deal with a wide range of cyber security risks, incidents and scenarios.