Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Don't let you staff take the bait!


What is Phishing?

In today’s increasingly digital world, so much of what we do, whether it’s for business or pleasure, is carried out online. This increase in online activity has resulted in a massive explosion in cybercrime.

Cybercrime has become a powerful tool for criminals looking to steal our personal data and extort money. The speed, anonymity and convenience of the internet has enabled criminals to launch highly targeted attacks with very little effort.

According to a recent report from cybersecurity firm Norton, cybercriminals stole a total of £130bn from consumers in 2017, including £4.6bn from British internet users.

The most successful and dangerous of all the cyber-attacks is phishing. Research has found that 91% of all cyber attacks start with a phishing email.

Phishing continues to be the most common form of cyber-attack due its simplicity, effectiveness and high return on investment. It has evolved from its early days of tricking people with scams of Nigerian prince’s and requests for emergency medical treatment. The phishing attacks taking place today are sophisticated, targeted and increasingly difficult to spot.

Dans le monde de plus en plus numérique d’aujourd’hui, une grande partie de nos activités, qu’il s’agisse d’affaires ou de loisirs, se déroulent en ligne. Cette augmentation de l’activité en ligne a entraîné une explosion massive de la cybercriminalité.

Les techniques d’ingénierie sociale sont devenues un outil puissant pour les cybercriminels qui cherchent à voler nos données personnelles pour extorquer de l’argent. La vitesse, l’anonymat et la commodité d’Internet leur ont permis de lancer des cyberattaques très ciblées avec très peu d’efforts.

Selon une récente étude sur la protection des données de Dell Technologies, en 2021, 37 % des entreprises disaient avoir subi un incident cyber avec perte d’accès aux données. En 2022, elles étaient 48 % et la cyberattaque est devenue la première cause d’interruption d’activité avec 86 % des organisations ayant connu au moins une interruption de service au cours des douze derniers mois.

La plus réussie et la plus dangereuse de toutes les cyberattaques est l’hameçonnage. Des recherches ont montré que 91 % de toutes les cyberattaques commencent par un courriel de phishing.

Le phishing reste la forme la plus courante de cyberattaque en raison de sa simplicité, de son efficacité et de son retour sur investissement élevé. Il a évolué depuis ses premiers jours où il consistait à tromper les gens avec des arnaques nigérianes et des demandes de soins médicaux d’urgence. Les attaques par hameçonnage qui ont lieu aujourd’hui sont sophistiquées, ciblées et de plus en plus difficiles à repérer.

The Ultimate Guide to Phishing

The staggering number of emails sent every day around the world means that it's an obvious attack method for cybercriminals. Radicati Group have estimated that 3.7 billion people send around 269 billion emails every day.

The Ultimate Guide to Phishing

Researchers at Symantec suggest that almost one in every 2,000 of these emails is a phishing email, which means around 135 million phishing attacks are attempted every day.

Types of Phishing Attacks

Phishing attacks come in many different forms but the common thread running through them all is their exploitation of human behaviour. The following examples are the most common forms of attack used.

The Ultimate Guide to Phishing

Spear Phishing

Spear - Phishing is a more targeted attempt to steal sensitive information and typically focuses on a specific individual or organisation. These types of attack use personal information that is specific to the individual in order to appear legitimate.

The cybercriminals will often turn to social media and company websites to research their victims. Once they have a better understanding of their target, they will start to send personalised emails which include links which once clicked, will infect a computer with malware

The Ultimate Guide to Phishing


Vishing refers to phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.

The call will often be made through a spoofed ID, so it looks like it's coming from a trustworthy source. A typical scenario will involve the scammer posing as a bank employee to flag up suspicious behaviour on an account. Once they have gained the victim’s trust they will ask for personal information such as login details, passwords and pin. The details can then be used to empty bank accounts or commit identity fraud.

The Ultimate Guide to Phishing


What distinguishes this category of phishing from others is the high-level choice of target. A whaling attack is an attempt to steal sensitive information and is often targeted at senior management.

Whaling emails are a lot more sophisticated than your run of the mill phishing emails and much harder to spot. The emails will often contain personalised information about the target or organisation, and the language will be more corporate in tone. A lot more effort and thought will go into the crafting of these emails due to the high level of return for the cybercriminals.

The Ultimate Guide to Phishing


Smishing is a type of phishing which uses SMS messages as opposed to emails to target individuals. It is another effective way of cybercriminals tricking individuals into divulging personal information such as account details, credit card details or usernames and passwords. This method involves the fraudster sending a text message to an individual’s phone number and usually includes a call to action that requires an immediate response.

The Ultimate Guide to Phishing

Clone Phishing

Clone Phishing is where a legitimate and previously delivered email is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.

How Phishing can Damage Your Business

Attacks against businesses have almost doubled in the last five years and the damage from a phishing attack to a business can be devastating. Over the years, businesses have lost billions as a result of phishing attacks. Microsoft estimates that the potential cost of cyber-crime to the global community is a staggering 500 billion and a data breach will cost the average company about 3.8 million.

Despite having the strongest security and defence technologies in place, cybercriminals will often exploit the weakest link in a company’s defences which is often its employees. Just one human error can result in a massive loss of sensitive data.

Research from Cisco found that 22% of breached organisations lost customers in the immediate aftermath of an attack, demonstrating just how seriously consumers take the security of their data.

A successful phishing attack can result in:


Identity Theft


Theft of Sensitive Data


Theft of Client Information


Loss of Usernames and Password


Loss of Intellectual Property


Theft of Funds from Business and Client Accounts


Reputational Damage


Unauthorised Transactions


Credit Card Fraud


Installation of Malware and Ransomware


Access to Systems to Launch Future Attacks


Data so to Criminal Third Parties

It is vital that businesses take steps to ensure they are doing all they can to educate staff on the dangers of a phishing attack. Training employees in how to effectively recognise a phishing attempt is key in mitigating the risk to an organisation.

For further information on how you can protect your business from phishing attacks, click here.

For further information

on how you can protect your business from phishing attacks

Top Tips to Spot Phishing Attacks

Identifying a phishing email has become a lot harder than it used to be as the criminals have honed their skills and become more sophisticated in their attack methods. The phishing emails that we receive in our inbox are increasingly well written, personalised, contain the logos and language of brands we know and trust and are crafted in such a way that it is difficult to distinguish between an official email and a dodgy email drafted by a scammer.

McAfee estimates that 97% of people around the globe are unable to identify a sophisticated phishing email so the cyber criminals are still successfully tricking people into giving away personal information or downloading malware. Despite the increasing sophistication and convincing nature of these emails, there are still some giveaway signs that may alert us to the presence of a phishing email.


1. A mismatched URL

One of the first things to check in a suspicious email is the validity of a URL. If you hover your mouse over the link without clicking on it, you should see the full hyperlinked address appear. Despite seeming perfectly legitimate, if the URL does not match the address displayed, it is an indication that the message is fraudulent and likely to be a phishing email.

2. The email requests personal information

A reputable company will never send out an email to customers asking for personal information such as an account number, password, pin or security questions. If you receive an email requesting this information, it is likely to be a phishing email and should immediately be deleted.

3. Poor spelling and grammar

Cybercriminals are not renowned for their top-quality spelling and grammar. Whenever legitimate companies send out emails to customers they are often proofed by copywriters to ensure the spelling and grammar is correct. If you spot any spelling mistakes or poor grammar within an email it is unlikely to have come from an official organisation and could indicate the presence of a phishing email.

4. The use of threatening or urgent language

A common phishing tactic is to promote a sense of fear or urgency to rush someone into clicking on a link. Cyber criminals will often use threats that your security has been compromised and that urgent action is required to remedy the situation. Be cautious of subject lines that claim your account has had an “unauthorised login attempt” or your “account has been suspended”. If you are unsure if the request is legitimate, contact the company directly via their official website or official telephone number.

5. Unexpected correspondence

If you receive an email informing you that you have won a competition you did not enter, or a request that you click on a link to receive a prize, it’s highly likely to be a phishing email. If an offer seems too good to be true, it usually is!

How to protect yourself against Phishing Attacks

The Ultimate Guide to Phishing

1. Never click on suspicious links

The most common type of phishing scam involves tricking people into opening emails or clicking on a link which may appear to come from a legitimate business or reputable source.

By creating a sense of urgency, users are tricked into clicking on a link or opening an accompanying attachment. The link may direct you to a fake website where you are prompted to enter your personal details or take you to a website that directly infects your computer with ransomware.

Legitimate businesses will never send emails requesting you click on a link to enter or update personal data.

The Ultimate Guide to Phishing

2. Educate Staff

Companies may have the strongest security defence systems in place, but it offers little protection if cyber-criminals are able to bypass these traditional technological defences and get straight to an employee to trick them into divulging sensitive information.

Over 90% of all successful cyber attacks are a result of information unknowingly provided by employees. As networks become harder to breach, hackers are increasingly targeting what they perceive as the weakest link in a company’s defences – its employees!

As hackers hone their techniques and become more targeted in their attacks, it’s important to educate staff and provide regular training on what they should be looking out for and how they can play their part in preventing a cyber-attack.

Don't let your staff take the bait!

MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. If you would like more information on how this can be used to protect and educate your staff.

The Ultimate Guide to Phishing

3. Be careful what you post online​

The internet and social media has transformed how we communicate with each other on a day to day basis, however this culture of sharing has provided cyber criminals with an easy way to profile potential victims ensuring their phishing attempts are more targeted and harder to spot.

Hackers are turning to social media sites to access personal information such as age, job title, email address, location and social activity. Access to this personal data provides the hackers with enough info to launch a highly targeted and personalised phishing attack.

To reduce your chance of falling for a phishing email, think more carefully about what you post online, take advantage of enhanced privacy options, restrict access to anyone you don’t know, and create strong passwords for all your social media accounts.

Read our guide to protecting yourself from hackers

To reduce your chance of falling for a phishing email, think more carefully about what you post online, take advantage of enhanced privacy options, restrict access to anyone you don’t know, and create strong passwords for all your social media accounts.

The Ultimate Guide to Phishing
The Ultimate Guide to Phishing

4. Verify the security of a site

Before entering any information into a website, you should always check that a site is safe and secure. The best way to do this is to look at the URL of a website. If it begins with a “https” instead of “http” it means the site has been secured using an SSL Certificate (S stands for secure). SSL Certificates ensure that all your data is secure as it is passed from your browser to the website’s server. There should also be a small padlock icon near the address bar which also indicates the site is secure.

The Ultimate Guide to Phishing

5. Install Anti-Virus Software

Anti-virus software is the first line of defence in detecting threats on your computer and blocking unauthorised users from gaining access. It is also vital to ensure that your software is regularly updated to ensure hackers are unable to gain access to your computer through vulnerabilities in older and outdated programmes.