MetaCompliance links breach data to staff risk training

MetaCompliance has added an Exposure Monitoring feature to its human risk management platform, linking breach intelligence with automated staff training and reporting.

The feature checks employee email addresses against verified third-party breach datasets. When it detects exposure, it alerts security teams and assigns short breach-response learning to the affected user. The exposure signal also feeds into the platform's human risk score.

Security teams already receive breach alerts from monitoring services and threat intelligence feeds, but many organisations still treat those alerts as separate from workforce training and behaviour programmes. MetaCompliance is pitching Exposure Monitoring as a way to connect breach exposure to staff actions and risk measurement.

The update comes as social engineering attempts increase and attackers use generative AI. Deepfake-enabled impersonation and more convincing phishing messages are adding pressure on companies to understand how workforce behaviour contributes to incidents and near misses.

MetaCompliance says customers are using Exposure Monitoring to identify a small set of users who account for a disproportionate share of human risk. Organisations are also using the data in board and executive reporting, including trend lines showing changes in high-risk behaviour over time.

The system relies on verified breach information rather than user-reported exposure, helping security teams distinguish confirmed incidents from suspected compromise. MetaCompliance has not named the third-party sources used for verification.

Workflow Integration

Alongside Exposure Monitoring, MetaCompliance has introduced an integration with Microsoft Power BI that pulls human risk data into dashboards and reports. Many organisations use Power BI for executive reporting across finance, operations and risk, allowing security teams to present workforce security metrics alongside other business indicators.

The update also adds Slack-based security prompts delivered in the same tool many employees use for day-to-day communication. Workplace messaging is now a common channel for security reminders, though organisations must balance frequency against the risk of staff tuning out repeated prompts.

MetaCompliance has also expanded its deepfake simulation features, which let organisations test staff responses to AI-enabled impersonation attempts. Deepfake attacks have grown more prominent as audio and video generation tools become more accessible and convincing.

Simulation exercises have traditionally focused on email phishing, but security teams are increasingly testing phone calls, collaboration tools and video meetings. Deepfake simulations reflect that shift in attacker tactics and the expanding surface area for staff-targeted fraud.

Customer Feedback

Ionbond, a MetaCompliance customer, said the new feature supports its approach to measuring workforce risk.

"Since adopting Exposure Monitoring, we finally have real time visibility into where our people are exposed and how that exposure impacts our overall human risk score. No other platform connects verified breach data with targeted learning like this, and it has become essential to how we reduce human driven cyber risk," said Benedict Groppe, Head of IT, Ionbond.

The idea is that breach exposure provides a concrete data point on risk tied to an individual or group. Security teams can then trigger targeted training that reflects the user's context, rather than assigning broad awareness content across the organisation.

MetaCompliance frames this as a move away from training programmes that are difficult to measure. Many organisations still rely on annual security awareness modules, periodic phishing tests and compliance-driven policies. These approaches can show participation and test results, but they often struggle to link behaviour change to incident reduction.

MetaCompliance CEO James Mackay said the company built the features in response to security leaders' concerns about visibility and targeted intervention.

"We know that a lack of visibility into the real cyber risk posed by humans and the limited targeted learning in place to address this is a top concern for CISOs. Threats have evolved but the security industry hasn't always kept pace with that, and CISOs are being expected to manage risk across an unpredictable human landscape. This is often with limited time, resources and confidence that traditional awareness programmes are truly working. At MetaCompliance, we're solving this problem by designing the innovative solutions organisations need to connect real-world data breaches to targeted learning interventions - all to deliver measurable change in human risk," said Mackay.

MetaCompliance says its platform is used by more than 6 million users and is available in more than 40 languages. It expects to add deeper personalisation, more behavioural intelligence and additional integrations as it develops its approach to human risk scoring and automated interventions.