Run phishing simulations that actually change behaviour.
Eight campaign types, four difficulty levels, automated remediation training for repeat clickers. Delivered through our compliance platform with full PCI DSS evidence export.
What we mean by phishing simulation
Phishing simulation is the controlled delivery of phishing-style emails to your own staff to measure susceptibility, drive training, and produce evidence for compliance. Done well, it changes behaviour over time. Done badly, it produces shaming metrics nobody acts on.
The programme is delivered through our compliance platform. Eight campaign types, four difficulty levels, six automatic user risk categories, twelve analytics views, and automatic training-on-failure. Aligned to NCSC anti-phishing guidance and the four-layer defence model (prevention, user support, resilience, response).
Key facts
- Campaign types
- 8
- Difficulty levels
- 4
- Risk categories
- 6
- PCI DSS req
- 12.6
What the platform does
Four headline capabilities. The list is verifiable against the platform behaviour, not editorial framing.
8 campaign types, 4 difficulty levels
Spear Phish, CEO Impersonation, Credential Harvest, Malware Link, Attachment Lure, Invoice Fraud, IT Support Scam, Custom — across Easy, Medium, Hard, Expert.
AI scenario generator
Powered by Claude. Produces ready-to-launch email templates from an objective prompt — accelerates campaign authoring without sacrificing review.
12 analytics views
Per-campaign and per-organisation analytics. Six user risk categories computed automatically from observed behaviour.
Auto-remediation training
Failed simulations trigger micro-training on first/second failure; credential submission or three failures triggers mandatory retraining and a seven-day access restriction.
How a programme runs
Five stages from scoping through audit-ready export. The platform automates the operational steps so the human work is decision making and review.
- 1
Scoping call
30 minutes, freeAudience, frequency, risk appetite, training-on-failure policy. We talk through what kind of programme will produce real behaviour change versus what will produce attendance metrics.
- 2
Programme setup
1–2 weeksUser roster import, scenario library customisation, escalation policy configuration, integration with the training module.
- 3
Campaign launch
Per cadenceConfigurable recurring cadence: Weekly, Bi-Weekly, Monthly, Quarterly or one-off. Send-window staggering, AI-assisted scenarios, automated tracking. Email delivery via AWS SES (the platform’s transactional email infrastructure).
- 4
Behaviour analytics
ContinuousTwelve analytics views; per-user risk categorisation; auto-assigned remediation training. Repeat offenders surfaced automatically; champions recognised separately.
- 5
Audit-ready export
On demandDate-scoped ZIP evidence pack for PCI DSS audit submission (Requirement 12.6). Same export your QSA will accept.
Campaign types
Eight campaign types from the platform’s campaign-type catalogue. Most programmes mix several over a quarter to give a rounded behaviour picture.
Why 1 Sequence Cyber
Built into our compliance platform
Phishing simulation is delivered through the same platform as the training module. Failed simulations automatically assign remediation training, with a single export covering both for audit purposes. No bouncing between vendors.
NCSC-aligned, behaviour-led
Programme design aligned to NCSC anti-phishing guidance — the four-layer defence model (prevention, user support, resilience, response). We do not run programmes that rely on shaming or fear, because the evidence says they do not work.
Ready to run a phishing programme?
Tell us your headcount, your sector, and what is driving the requirement. We’ll come back with a proposal within 48 hours.
Back to all services.