People-Centric Security Awareness


The best way to stop people-centric security attacks is to create a people-centric security awareness culture. Here is how to do just that.

A great business is built upon great people: an organisation depends on having staff they can rely on, who do a good job, and who can be trusted. People make a business tick, but they can also make it fall. Cybercriminals are people-centric too.

In 85% of cyber attacks, a human being is needed to perform some action to the benefit of the attacker: this may be a click of a link in an email; the download of an infected attachment; entering login and password credentials into a spoof website; or something similar.

What Exactly is a People-Centric Security Awareness Culture?

The statistics speak for themselves: human behaviour is open to manipulation, and the result is ransomware, data breaches, and general IT and business damage and disruption. In 91% of cases, a cyber attack begins with a phishing email, according to a report from Deloitte. Social engineering-based cyber attacks, of which phishing is an example, increased by 270% in 2021.

A MetaCompliance post “Social Engineering: Hacking the Human” explored the deep-rooted aspects of human behaviour that cybercriminals take advantage of. Breaking down poor security behaviours and turning them into positive security behaviours is what drives a people-centric security awareness culture: people are the focus of cybercriminals, and in turn, they are the best way to tackle cyber-attacks.

Empowering employees with cyber security scam know-how builds a security-first mindset in the people on the front line of attacks – our staff. By using the right approach in delivering and cultivating this security awareness, the result is the formation of a people-centric security awareness culture.

The Components of a People-Centric Security Awareness Culture

A culture is defined by the norms and behaviours that make up a group or a society. In other words, the term “culture” describes the way of life and the belief system that a group of people uses to create a sustainable society.

Typically, a culture has systems woven into its matrix that make life easier and more successful for the individuals within that society. An organisation, in the same way as a group, village, city, or country, can create a culture, as it, too, is made up of individuals.

Good security practice requires a behaviour change in employees that benefits from baking these security behaviours into a culture: this is best achieved by ensuring that security becomes an intrinsic part of the overall corporate culture. However, awareness alone does not create this culture. Here are the components needed to create a people-centric security awareness culture:

Set Expectations

Set a baseline of expected security behaviours.

This baseline is established from understanding the current security posture of your organisation and what needs to be done to improve it. Various methods can be used to collect the data needed to establish the required baseline of good security behaviour. This includes quantitative metrics from running initial tests using phishing simulation programs and qualitative input from surveys and discussion groups.

This intelligence-gathering exercise is then mapped to a Security Awareness Training program to deliver people-focused education. This mapping of known security behaviour weaknesses to the people in the workforce helps to establish an effective and tailored program of education that can be used to influence behaviour across individuals, departments, and the entire organisation.

Training delivered from this baseline, with a set of clear expectations, gives the workforce a pathway to follow that helps to establish a security-first culture.

  • Establish your baseline of expected behaviour and use this to tailor your people-centric security awareness program.

Learn Socially

People want to be part of something bigger than themselves.

Cultures are built upon the backbone of human social interaction. Theories in cultural evolution offer explanations on how cultures develop. One of these theories concerns social learning: people learn best through observation of their peers and modeling of scenarios e.g., stories. Culture is born from people passing information, knowledge, and skills between each other.

Folktales are a great example of social learning often designed to change behaviour, e.g., don’t go into the forest alone, otherwise, the big bad wolf will eat you; many tales can be traced back across multiple world cultures over millennia. Learning about security awareness should be a cooperative venture with employees working together, learning socially, interactively, and engagingly.

Learning security awareness through social-learning scenarios typically involves the use of games, interactive modules, and input from expert educators. The use of experts is associated with the concept of “prestige-biased social learning” in humans, which is known to help adults learn difficult concepts.

  • Choose a cyber security awareness program that offers engaging content that incorporates personalised content and creates positive security behaviour that can be shared.

Sustain Positive Security Behaviour

Part of creating a successful people-centric security awareness culture is effective persistence.

Sustaining positive security behaviour requires continued Security Awareness Training. There is a two-fold reason for regular training in security awareness. Firstly, regular training updates ensure that the changing threat landscape is reflected in the training packages. This is vital as cybercriminals are continuously changing their behaviour and tactics to trick employees more easily. Secondly, regular training keeps security at the forefront of the minds of employees and this helps to maintain the corporate security culture.

  • Maintain a security culture by carrying out regular Security Awareness Training updates.

Value Input from Employees

Security is everyone’s responsibility; remove the blame from your culture.

A PwC study found that almost three-quarters of those surveyed were in fear of reprisal if they reported security issues. A culture of security can only persist if fear is removed from the equation. Don’t blame an employee who accidentally opens a phishing message and clicks on a malicious link. Instead, use it as a learning exercise.

Make sure that your employees know that they are part of the solution, not part of the problem. Make reporting of security incidents an intrinsic part of your wider people-centric security awareness culture. Give employees the tools to make reporting easy and part of their everyday work life. Show them how security reporting leads to better cyber security detection and prevention.

  • Empower your staff with security incident reporting.

A people-centric security awareness culture is not created overnight. However, by putting the right structures in place, your organisation will quickly begin to see the development of persistent and positive information security behaviours.
