Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How to Measure the Success of your Security Awareness Training Program

Security Awareness Training

about the author

Share this post

Here are a few ways in which to capture the measure by measure of your Security Awareness Training program.

When a measurement is made about something it gives us data. Whether that data is about the length of a piece of string or that of an employee’s behaviour, when confronted with a phishing email, has changed, this data gives us important insight into a task or project.

The success, or not, of a Security Awareness Training program (SAT) can be measured in more ways than one, and in doing so, provides important insights into the effectiveness of the training. But how to optimise these measurements requires a cross-functional team with vision.

Why Bother Measuring a Security Awareness Training Program’s Effectiveness?

A recent Gartner inc., paper “Take 3 Steps to Prove That Your Security Awareness Program Is Actually Working” sets out the why’s and how’s when measuring an SAT program. The paper, written for security and risk managers, identified three key reasons why measurement of Security Awareness Training is important:

  1. If you can’t show proof that cyber risk is reduced through the program, you won’t get C-level buy-in to continue the Security Awareness Training.
  2. Security Awareness Training is often dropped into an organisation without having a clear vision of what it is trying to achieve. This results in a program that does not achieve the behavioural changes needed to reduce cyber risk. 
  3. Measuring the success of a Security Awareness Training cannot be based on single variables. These programs contain many elements and these need to be captured to show the true impact of an SAT program.

One of the main points of the paper is that a clear vision must set the baseline of a security awareness program. Without this clear vision of what it is you want to achieve ,measurements will be meaningless. Put another way, measurements are more effective if they have a starting point as a comparison. This vision must, however, be directly linked to business outcomes. One way to establish this baseline is by using a cross-functional approach, that is, bringing teams together across organisational boundaries to input into what is important in mitigating cyber risk.

This aligns cyber security vision with business goals; this approach is an ongoing exercise and best practise as cyber attacks cause continuous havoc across all sectors of industry. Business and operational decisions are now intrinsically intertwined with security. The Covid-19 pandemic and work from home mandates demonstrated this point, with the increased security risk of home working; home workers providing more opportunities for cybercriminals to attack a company network via its employees.

But a vision needs demonstrable measures to show it is meeting its remit. Showing a C-level or board how well a program is progressing requires hard facts. This is where measurement comes in.

Three Ways to Measure Security Awareness Training Program Success

The Gartner paper mentions three key things that prove your security awareness program is working. These three areas can be broken down into:


Generate a culture of security-based vision statement: what is it that your organisation needs from the security awareness program? What security behaviours do you want to see come out of employee education on security matters?


Capture the metrics of security behaviour: create security awareness metrics that demonstrate meaningful and positive security behaviour change. These metrics can take the form of traditional security awareness metrics from surveys and phishing simulations, as examples.


Demonstrate risk exposure reduction: show the Cx team trackable changes in security behaviour related to material results in terms of reduced exposure to cyber-risk.

Capturing Metrics and Behavioural Changes

The security vision is the pivot upon which the capture of metrics and behavioural evidence turns. This vision then forms the evidence needed to demonstrate to the Cx team that Security Awareness Training works. There are many ways to measure security metrics, and MetaCompliance has discussed Security Awareness Training measurements in a previous blog post.

Measurement provides quantifiable data that provides the basis for a Return on Investment (ROI) evaluation. But a simple ROI equation does not capture the positive, ongoing, impact of a well-developed security awareness program. The core security vision of an organisation must be mapped to validate end results that see the overall cyber-risk of an organisation reduced. This vision of a secure organisation must map to security-first thinking and associated behavioural change.

To help in your measurement exercise, the Gartner paper talks about “Signature behaviours”, which it describes as “Signature behaviors are those that clearly reflect positive intent and support by end-users for realising the security awareness vision.”

Gartner maps some examples of desired security practices against signature security behaviours:

Practise: All end users use strong passwords

Behaviour: We always use passphrases to construct our passwords used for accessing our work accounts

Practise: Check links before you click them

Behaviour: We are alert to, and report suspicious emails to the IT service desk

As part of your security vision, work with your cross-functional team to develop a set of signature behaviours that can then be used to evidence Security Awareness Training program success.

The Proof of the Pudding Through Better Security

Ultimately, a company wants to see that its investment in a security awareness program is reflected in decreased chances that its data will be breached. By evaluating signature behaviours against threat types, an organisation can enrich a simple ROI equation with added value.

The proof of security training is in the pudding. Over time, a well-planned and effective Security Awareness Training program will show a reduction in cyber attacks. But a strong vision is where this all begins.

Take 3 Steps To Prove Your Security Awareness Training Is Actually Working

Other Articles on Cyber Security Awareness Training You Might Find Interesting