What's New in MyCompliance

We’ve made several updates to Workflows to give customers more control over who the workflow rules apply to and to increased mitigation for high risk users. More info here.

What’s new:

• Group-based workflows
  You can now set workflows to run only for users in a specific group.
• Risk score workflow
  You can now create a workflow that notifies a user’s manager, enrol them on a course or campaign  when they reach a specific risk level.

Why it matters

• More control over who receives notifications, courses and campaigns
• Increased mitigation for medium and high risk users

Customers can start using these updates now by going to Workflows and clicking the + icon under step 2. The risk score step will only be available if ‘Monthly’  has been selected for step 1.

Our July 2025 release is here – featuring fresh insights on Essentials, Focused Titles, Healthcare, and US Data Protection.

Get the full breakdown in our monthly content overview.

You can now search within the recurring phish victims report. This builds on the recent filter improvements, making it even easier to find exactly what you need.

No more hunting for the perfect image size – when uploading a custom PDF or MP4 learning experience, a default image is now automatically included saving you time and hassle.

An update to how archived phish campaigns are handled:

Once a phish is archived, any user interactions that happen after archiving will no longer be included in reports. This update is all about improving clarity in reporting so there’s no change to the user experience.

Introducing our USB attack simulator: A simulated USB drop attack that helps organisations identify and educate employees who may unknowingly expose systems to USB-based threats. This hands-on tool raises awareness and reinforces best practices for handling external devices.

More information here

Introducing Leaderboards – Let the Friendly Competition Begin!

We’re thrilled to launch Leaderboards, a powerful new gamification feature designed to boost engagement, drive adoption, and build community through healthy competition.

With customizable metrics and rankings, Leaderboards let you:

• Recognize top performers and celebrate achievements
• Motivate participation through friendly rivalry
• Foster connection with shared goals and visible progress

Ready to rise to the top? Start climbing the Leaderboard today!

Further Info.

We’re improving how PDF Learning Experiences are displayed.

Going forward, we will no longer use iframes. Instead, all PDFs will be shown using Adobe’s PDF Embed API. This change will:

• Ensure PDFs display correctly on all browsers and devices

• Improve the viewing experience on both desktop and mobile

• Apply to both MetaCompliance-created and customer-uploaded PDFs

This update makes it easier to view and interact with your learning content.

We’re excited to announce new filtering capabilities for the recurring phish victims report, designed to deliver more accurate insights.

What’s New:

Advanced Filtering Controls

• Filter by specific campaigns and/ or date ranges
• Include or exclude test campaigns, outdated simulations, and irrelevant data
• Focus your analysis on the metrics that matter most to your organisation

Customised Data Export

• Export filtered reports with only the data you need
• Maintain consistent formatting across all your exported reports
• Share relevant insights with stakeholders without manual data cleanup

Key Benefits

• More Accurate Analysis: Transform your data from broad overviews into targeted, actionable intelligence
• Time Savings: No more manual filtering or data cleanup
• Stakeholder Ready: Export clean, focused reports for leadership presentations

Getting Started

The new filtering options are available today – Look for the “Filter” button in the top navigation of your recurring phish victims report:

Say hello to faster, smarter quiz creation with the Question Bank — a centralized repository of expertly curated cybersecurity questions. From phishing to password hygiene, build tailored quizzes in minutes using pre-approved, multilingual content designed for global teams.

With smart search, role-based tagging, and full editing flexibility, admins can now deliver relevant, impactful training that aligns with your organization’s unique security goals. View More.

Customers now have the ability to easily create and save custom risk score reports based on departments linked to user accounts. Segment data with department-level filtering, visualise & compare risk levels using interactive bar charts, and drill down for deeper insights. Instantly see how many users fall into low, medium, or high risk categories per department. See here for more information.

Customers can now tailor risk score bandings to align with your organisation’s security criteria. This feature lets you define which risk scores fall into the low, medium or high risk categories, ensuring more accurate user classification. View more information here.

Admins can now benchmark their company’s employee risk score against industry peers using our new Industry Comparison Dashboard. View your performance with three key charts:

• Your Average vs Industry Average

• Your Average vs Other Industries

• Average Risk Factor Weighting

These insights help identify performance gaps, guide risk strategy, and improve prioritisation. Your scores update daily; industry data refreshes monthly.

Available now under Risk Dashboard > Industry Comparison. View here for more information.

If you choose “Create Your Own Phish” and copy one of our existing templates, the attached data form is now automatically included in the copied HTML. This makes it easy to edit and use the original form, even when customizing the email content—no need to re-add it manually.
You also still have the flexibility to create your own custom form if you prefer.

We’ve upgraded our phish overview audits to give you full visibility into every user interaction on a phish. Instead of logging only the latest action IP, the system now records every interaction with a unique timestamp and IP address.

What’s new

• Complete Interaction History: No more overwriting—every action is logged and preserved.
• Chronological Timeline: See all user interactions in order, directly from the reports.
• Clear Differentiation: Easily distinguish between opens, clicks, reports, data entries etc.
• Download all IP logs: Download a complete list of interaction IP addresses for in-depth investigation or external analysis as needed.

Why It Matters:

• Full visibility into user behaviour across multiple interactions.

• Better analysis of false positives and potential vulnerabilities.

• Stronger compliance with audit-ready logs.

More info here

We’re excited to announce a new feature that allows you to upload your own PDF certificates, assign these to your courses and present these to users upon course completion.

Why This Matters:

• Brand Consistency: Maintain your brand’s identity across all certificates.
• Global Reach: Create a certificate in any language to cater to a diverse audience.
• Personalization: Ensure each certificate is personalized with the user’s details (Placeholders).

To ensure this functionality works smoothly, please embed the following placeholders as text fields in your certificate design:

• [UserName]
• [CourseName]
• [Date]

Important Reminder: Placeholders are essential for this feature to function correctly. Make sure to include them in your certificate design. More information on this feature and placeholder guidelines can be found here.

To make cross-referencing reports easier, we’ve enhanced our overview audits to include key user details – all in one place.

Now, when exporting audits, you’ll have access to these additional fields:
✅ Role
✅ Registered Date
✅ Username
✅ Group Name (shows you all groups a user is in)
✅ Join Date
✅ Category

With this update, you can export all relevant user and audit data from a single location – no more jumping between different reports. More info here

Further to this, an additional column has also been added to the Learning Overview report to indicate if a user completes an available Pre-test – ‘Completed Pre-test’. More info here

The ‘Completed Pre-test’ field can also be output via the Customer API if available.

This minor update has been made to the weekly “Export Audits” feature (available within the Overview Reports) to list the most recent audits first, instead of the oldest.

• Automatic Branding on Phish – Company logos are now automatically applied to simulations and exit summaries for a consistent experience, with the option to override per simulation. More info here
• Template-Specific Learning Experiences – Assign different training content to each phishing template, ensuring more relevant learning for users.
• Difficulty Ratings – Filter templates by Easy, Intermediate, or Advanced levels to align with training objectives. More info here
• Data Forms Filter – Easily identify phishing templates that support form attachments, simplifying campaign setup.

• Multi-Lingual Custom Learning Experiences – Create and manage custom learning experiences in multiple languages with a streamlined HTML copy function.
• Simplified Learning Experience UI – Policy and survey Learning Experiences have been removed to focus on the most effective training options.

We’re excited to announce that Triggers is now Workflows, bringing a more powerful and intuitive automation experience. As part of this update, Workflows is moving to the main menu for easier access, and we’re introducing Template Workflows to help you automate key processes effortlessly.

What’s New?

• Relocation – Triggers is now Workflows, accessible from the main menu.

• Template Workflows – Get started quickly with pre-built automation for critical tasks.

• Enhanced Automation – Set custom rules, trigger real-time actions, and streamline operations.

With Workflows, you can eliminate manual tasks, boost efficiency, and ensure seamless automation tailored to your needs. More info here

We’ve introduced a Bulk Delete Users feature that allows admins to upload a spreadsheet of users for deletion, streamlining the process and ensuring faster removal of inactive or unauthorized accounts. More info here

We are pleased to advise that SCORM transfer courses can now be downloaded in any of the following versions for use within a 3^rd party LMS:

• SCORM 1.2 (existing)
• SCORM 2004 v2 (new)
• SCORM 2004 v3 (new)
• SCORM 2004 v4 (new)

For more information on how to export Courses via SCORM Transfer click here.

You can now reset progress for any user that has started or completed a course. This feature is useful if the user is required to complete the course again, or if they experienced an issue when completing in the first instance. View More.

We’re introducing the ability to update templates in live courses. With this new functionality, admins can seamlessly update course content while maintaining the integrity of existing reports and campaign structures. By enabling minor version changes to templates, users accessing the course will automatically see the most current content.

By allowing seamless updates to live courses, admins can deliver dynamic, relevant training while preserving consistency and simplifying compliance.

More information here

Business Users can now make their courses public without needing Admin support. The “Make Private” option is now available for courses and policies when the “Access Target Tree” permission is enabled for Business Users, making content management more seamless and efficient. View more.