Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Why is a Data Security Breach a Boardroom Issue?

Data Security Breach

about the author

Share this post

Data security breaches have long since left the domain of the IT department and now sit firmly at the boardroom table: In 2018, British Airways suffered a cyber security breach that resulted in the theft of personal and financial details of customers. The result was far-reaching. As well as a £20 million fine from the UK’s Information Commissioner’s Office (ICO) a class action could end up costing the company billions of pounds. This level of financial cost sits squarely at the board level.

But it isn’t just financial losses that data breaches cause. The company’s customers, employees, operations, and suppliers are all potentially affected. The state of security is such that it has now risen to the top of the company as a critical business consideration. Board members need to be aware of the implications of a security breach and to be ready to take positive action.

What a board needs to know about the impact of a data security breach

Board members have a duty of care to the company and its shareholders. This extends to ensuring that the company protects itself against threats, be they malicious or accidental. In the UK, the fiduciary duties of board directors are set out in the Companies Act 2006, which details a duty to “promote the success of the company” and to “exercise reasonable care, skill and diligence in the conduct of their role”; cyber risks and the response to such threats fit neatly under this duty of care. The types of impact that a cyber-attack can have are detailed below, each can have far-reaching effects on the continued success of a company:

Employee morale

Companies run better with happy and efficient people. If morale is low, productivity drops. A Carbonite report, exploring how a data breach affects employees, clearly shows that staff morale takes a hit after a breach:

  • 25% of employees experience an impact on their work/life balance
  • 24% of employees experienced a drop in office morale
  • 15% of companies fired employees or laid them off, post-breach
  • 11% of companies saw employees quit after a breach

Share price

Board directors are under pressure to ensure that share pieces remain high to retain shareholder confidence. However, there is evidence that data breaches impact share pieces negatively. One of the starkest demonstrations of this was the tumble that Equifax stock took in the aftermath of the company’s data breach of 2017 – dropping over 30% in total before recovering.

Research by Comparitech, carried out over several years, shows that share price impacts are common. The research used companies listed on the New York Stock Exchange and found that share prices fell by -3.5% on average and underperform on the NASDAQ by -3.5%.

Compliance and fines

Regulations around data privacy and protection often come with heavy fines for non-compliance. Two examples of UK companies that have been fined under the EU’s General Data Protection Regulation (GDPR), demonstrate the costs of non-compliance:

Company: Ticketmaster

Fine: 1.4 million euros (£1.2 million)

Why: Insufficient technical and organisational measures to ensure information security

Company Marriott International, Inc

Fine: 20.5 million euros (£17.8 million)

Why: Insufficient technical and organisational measures to ensure information security

In 2020 alone, GDPR fines increased by 19% with a total of $332.4 million worth of fines issued since the law’s enactment in 2018.

Reputation and customer losses

A report from Lloyds and KPMG into intangible asset protection found that in the last 10-15 years 80% of corporate assets can be described as intangible – this includes brand, intellectual property artefacts, and technology driven services. However, one of the more difficult to quantify outcomes of a data leak or breach is reputation impact and customer loss. Putting this into some context, a survey by PwC found that 87% of consumers said they’d take their business elsewhere if a company suffered a data breach.

Employee and C-Suite sackings

Ultimately, a breach can result in lost skills and knowledge. A Radware State of Web Application Security report shows that 23% of companies sacked executives after a breach happened. An example is, again, from the Equifax data breach of 2017. The then CIO was fined $55,000 and received a 4-month prison sentence for carrying out insider trading before the public was notified of the breach.

Downtime costs

Data security breaches have a far-reaching impact across the entirety of a business. The above noted impacts of a breach, do not include other affected areas such as downtime and loss of intellectual property/sensitive company information: Datto explored the costs of downtime after a cyber security breach and found them to have increased by 486% between 2018 and 2020.

Data Security Breach Training

How a data breach can impact a board

A security culture promoted by a tone at the top: Cyber security is the responsibility of the entire organisation from board to employee to third-party consultant and beyond. No one individual, not an IT team or security analyst can take on cyber security threats alone, it is vital to get the Board on-board with security. A robust and sound security posture board takes its tone from the top. When a board takes cyber security seriously, a culture of security is formed that permeates throughout the organisation. This culture is the foundation stone to build cyber security awareness across the entire company network.

Data is valuable: Data and the potential for data exposure is a critical aspect of board oversight. Data breaches are costly affairs: the average cost of a data breach in the UK being £2.8 million ($3.9 million)

Lack of cyber security training at board level: Cyber security knowledge may be an issue for a board. Board directors are rarely from a security background. However, board members should have Security Awareness Training along with the rest of the organisation’s staff.  Training should be relevant and tailored for their role as board members, rather than a ‘one size fits all’ approach. Company employees who have cyber security skills and have excellent communication skills can be employed to help train board members.

Share price impacts of data breaches: As shown, cyber security breaches affect shareholders as share prices are impacted after a breach, therefore board members have a duty of care to understand the implications of data breaches on shareholder value.

Policy sign-off: Cyber security policies, some of which may touch upon sensitive company information, are a fundamental part of a company-wide security strategy that should be acknowledged by, and potentially signed off by, the board or a board member.

A collective sense of responsibility: The leadership team must lead the charge against cyber-attacks. The C-Suite and the board can encourage and promote a shared sense of responsibility that also extends to being aware of accidental data exposure and simple security mistakes that can put an organisation at increased risk.

All in for accountability: The organisation and the individuals that make up that organisation are accountable and responsible for cyber security hygiene. The culture cyber security awareness, promoted by the board, helps shape the training needed to ensure that security hygiene is adhered to by all.

Data Security Breach Fine

Getting on-board with data breach prevention

A report from Grant Thornton found that 73% of companies reported losses of around 25% of revenue after experiencing a cyber breach. This alone is a major reason why cyber security sits squarely in the boardroom. A cyber-attack has major repercussions across all aspects of an organisation. The board plays a pivotal role in helping to create a robust security posture, as well as ensuring that budget is available to provide the right security measures and awareness training.

The aftermath of a data breach can have crippling consequences for organisations and there is inevitably a blame game that follows any cyber incident. Our upcoming webcast titled ‘The Data Breach Blame Game: Employees or Employers?’, May 27th at 3pm BST, discusses the increasingly complex topic of liability and who is responsible when a lapse occurs.

Webcast: The Data Breach Blame Game

Other Articles on Cyber Security Awareness Training You Might Find Interesting