Skip to main content
Back to Shop
Phishing Simulation & Awareness Training preview
CYBERSECURITY

Phishing Simulation & Awareness Training

68 phishing templates across 6 countries. Display-name spoofing, no domain purchase needed. Works immediately.

phishingNIS2security-awarenessemail-securitydisplay-name-spoofingCE-2026MFA-mandatoryCyber-Essentials-2026NCSC-2026

🛡️ CYBER ESSENTIALS 2026 UPDATE — EFFECTIVE 28 APRIL 2026

The Cyber Essentials scheme is updated from 28 April 2026 with stricter criteria: mandatory multi-factor authentication (MFA) for all cloud services and admin accounts, tighter password policies, expanded scope for home workers and BYOD devices, and new vulnerability management timelines. All UK government suppliers must meet the updated standard. This product is aligned with the CE 2026 requirements.

📧 91% OF CYBER ATTACKS START WITH PHISHING — NIS2 MANDATES ANNUAL TRAINING

IBM Security: average phishing-caused breach costs £4.2 million. The UK was the most targeted country in Europe in 2025 with 204 nationally significant cyber incidents (NCSC Annual Review). NIS2 Article 21(g) mandates annual security awareness training — and auditors will ask to see the evidence of who was trained, when, and whether they improved.

68 Ready-to-Send Templates. Works in 30 Minutes. No Domain Purchase Needed.

Most phishing simulation platforms offer generic US-centric templates. SummitBridge runs 68 pre-built templates across 6 countries — 20 UK-specific (HMRC, Royal Mail, NatWest, NHS, Companies House), 19 Turkish (Trendyol, Garanti, PTT, Ziraat), 18 global (Microsoft, DocuSign, Adobe, Amazon), plus US, German and French variants. Our display-name spoofing engine makes emails appear from real brands — no domain purchase required.

  • 68 Templates, 6 Countries: UK ×20 · TR ×19 · Global ×18 · US ×5 · DE ×4 · FR ×2 — all ready to send immediately
  • Display-Name Spoofing Engine: Recipients see "HMRC Refund Service" or "Microsoft Security" — from your existing sending domain, no extra domains to buy
  • M365 / Google / Mimecast / Proofpoint Bypass Configs: Pre-configured delivery settings for every major email gateway — no deliverability headaches
  • Real-Time Click Tracking: Per-employee click data, open timing, device used, and link clicked — exportable instantly
  • Auto-Enrolment Training: Employees who click are automatically enrolled in targeted awareness training — no manual intervention required
  • Department-Level Vulnerability Map: See which teams click most — finance, HR, and senior leadership typically click 3× more than technical staff
  • AI-Generated Templates: New attack scenarios generated weekly from live threat intelligence — always current, always realistic
  • NIS2 Article 21(g) Evidence Pack: One-click export of campaign results, training completion rates, and improvement trends — audit-ready for regulators

💷 THE MATHS

£49/month. KnowBe4 equivalent: £3,000+/year. Average phishing breach: £4.2 million. NIS2 non-compliance: up to €10M or 2% of global turnover. One prevented breach pays for thousands of years of this subscription. The training evidence also satisfies cyber insurance underwriter requirements.

📅 How this subscription works — month-1 to month-12

  • Day 1 onboarding: instant portal access, automated onboarding checklist and baseline assessment intake — getting started guide delivered automatically.
  • First week setup: integrations wired, first report generated, MLRO / DPO / IT lead invited to the portal.
  • Ongoing monthly delivery: updated compliance report, new-regulation tracker delta, audit-trail snapshot, continuous regulatory updates aligned to your sector.
  • Cancellation: cancel any time from the portal — no contract lock-in; 30-day data export window after cancellation.

⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.

NIS2 Article 23 Incident Reporting Awareness Module

Successful phishing is one of the most common triggers for a reportable NIS2 cyber incident. The training programme includes a dedicated awareness module covering Article 23 incident reporting obligations from the end-user perspective:

  • What counts as a "significant incident" — plain-English explanation of NIS2 Article 23 reporting triggers tailored to non-technical staff
  • The first hour after a click — what to do (and not do) in the first hour when a user realises they clicked a phishing link; preserves evidence for the 24-hour early warning window
  • The 24-hour early warning — how user-side actions feed into the IT/security team's 24-hour early warning notification to the national CSIRT
  • The 72-hour formal incident notification — how user testimony and timeline preservation support the 72-hour formal report
  • Reporting without blame — psychological safety messaging so users report fast rather than hide

The module fits within the standard 30-minute awareness training session and is updated when national CSIRT reporting guidance changes.

Cyber Essentials 2026 Coverage (Awareness Tier)

Phishing is the most common path that bypasses every CE 2026 control. The simulation programme reinforces:

  • User access control + MFA mandate — When MFA prompts unexpectedly: stop, don't approve; CE 2026 MFA-on-everything reduces credential-phishing impact; multi-factor enrollment retraining
  • Secure configuration awareness — Why browser warning pages (TLS, blocked downloads) matter; how secure configuration baselines protect users from drive-by attacks
  • Malware protection — Recognising EDR/antivirus alerts; never disabling endpoint protection even when prompted; reporting suspected malware infections
  • Security update management — Why pending Windows / browser / app updates are urgent; how patch lag widens phishing impact
  • Firewalls — Why VPN matters for remote workers; how network boundary controls back up endpoint defences

£49.00/mo

MONTHLY SUBSCRIPTION · No VAT (not registered)

💎 Save with bundle

Get this in SME Cyber Starter Bundle

Save £58/mo (37%) vs standalone →

Delivery: Instant on payment
Refund: 14-day satisfaction guarantee
Instant download after payment
UK GDPR compliant
Secure checkout via Stripe
Not VAT registered — no VAT charged

Trust & Delivery

ICO registered ZC112810

UK Information Commissioner's Office data controller registration.

Companies House 16419201

SummitBridge Horizon Ltd — registered 30 April 2025, London.

14-day satisfaction guarantee

See refund policy for full terms.

Sample materials available

Request a sample

Compare with the market

4 direct and adjacent competitors tracked.

VendorTheir priceThreatvs SBHTheir advantagesOur advantages
KnowBe4

US

$25+ /user/yrCRITICALpricier
Hoxhunt

FI

HIGHsimilar
Proofpoint

US

HIGHpricier
Abnormal Security

US

MEDIUM

Compliance Snapshot

Regulatory posture for this product — for procurement and security teams.

General-purpose (limited- or minimal-risk)

Conformity scaffold in place — formal record not yet published