Pillar 06

Security Awareness Training & Phishing Simulation

Your people are your most targeted attack surface. We design and run awareness programmes that change behaviour — phishing simulations, targeted training, Microsoft Attack Simulation Training, and measurable reduction in human-risk click rates. For UK organisations where culture and security need to move together.

From £TBC — fixed fee, scoped after your Ignite Assessment

The Challenge

Technical controls stop the majority of attacks. People handle the rest.

Over 90% of successful cyberattacks start with a human action — a phishing email clicked, credentials entered on a spoofed login page, a malicious Teams message acted on, a USB drive plugged in. Technical controls have become extremely effective at blocking known attack patterns. Attackers have adapted by targeting the one control you can't patch: the person.

Annual mandatory training videos check a compliance box and change nothing. Effective people security runs continuously — realistic simulations, just-in-time training at the moment of failure, targeted programmes for high-risk groups, and executive-level awareness about business email compromise and CEO fraud. We build programmes that produce measurable reductions in click rates over time, not just training completion metrics.

What We Deliver

People Security Services

What we deliver
  • Phishing simulation campaigns (ongoing)
  • Microsoft Attack Simulation Training setup
  • Security awareness programme design
  • Just-in-time training at point of failure
  • Executive & privileged user programmes
  • Social engineering awareness
  • Business email compromise (BEC) training
  • Security culture assessment
  • Human risk reporting & click rate tracking
  • Policy & acceptable use documentation

Outcomes you can measure
  • Measurable reduction in phishing click rates
  • Higher suspicious email report rates
  • Compliant training completion records
  • Reduced human-factor breach risk
  • Executive team awareness of BEC
  • Culture of security-first decision-making

How It's Delivered

The Magma Cloud Lifecycle

People security is a continuous programme — we baseline your current human risk, design your campaign, run simulations, deliver training, and track improvement over time.

  • 01 Strategy
  • 02 Assess
  • 03 Implement
  • 04 Optimise
  • 05 Manage
  • 06 Assure

Common Questions

Frequently Asked Questions

Technical controls stop a lot of threats, but not all of them. Phishing, social engineering, and credential theft depend on human interaction. Even with excellent technical controls, a single user clicking a malicious link or sharing credentials with the wrong person can compromise your environment. People security ensures your staff are an active line of defence — not just a liability that technical controls have to compensate for.

Microsoft Defender for Office 365 Plan 2 includes Attack Simulation Training — a built-in platform for running realistic phishing simulations and delivering targeted training to users who fail them. It integrates directly with your M365 tenant and provides reporting on click rates, credential submission, and training completion across your organisation. We configure, run, and report on the campaign for you.

Monthly simulations are the standard recommendation for most organisations. If simulations run less often than monthly, users become complacent between tests. We design simulation campaigns that vary the lure type, sender, and target group — so users learn to spot a range of real-world attack patterns, not just one template they eventually recognise.

Yes, with the right approach. Generic annual training videos have minimal measurable impact. Targeted, repeated simulation combined with just-in-time training at the point of failure — where a user who clicks a simulated phish immediately sees why and what to look for next time — consistently reduces click rates over time. We measure your baseline click rate and track improvement across each simulation cycle.

Privileged users and executives are high-value targets and often the least likely to complete standard training. We design separate tracks for these groups — including executive-targeted spear phishing simulations, tailored content on business email compromise and CEO fraud, and technical controls that reduce their exposure regardless of their behaviour. High-privilege accounts are treated as a separate risk category.

Start with a Free Ignite Assessment

The Ignite Assessment

A free 30-minute call with a senior security architect. For people security, you leave with a read of your current human risk exposure, the top three behaviours to target first, and a clear view of whether and how we can help. No pitch deck, no obligation.

  • Free — no charge, no catch
  • 30 minutes with a senior architect
  • Human risk-specific, honest assessment
  • No obligation to proceed

People Security Specialists

Book Your Ignite Assessment

Whether you need to baseline your click rate, run ongoing phishing simulations, or build an executive security programme — we'll tell you exactly where your human risk sits.
