Skip to content
Awareness-as-a-Service

People are often the first point of attack for attackers -
and at the same time your strongest defense.

Phishing simulations, awareness training, and audit-grade reporting - as one program that runs in weeks. NIS2, ISO 27001, and GDPR aligned. Hosted in Switzerland.

Book a demoHow it works
Hosting Switzerland GDPR & FADP DE / EN content
phishing-detector.aware.as ~ inbound-mail-scan
$analyze --message id_4f2a-9b7c
SPF: pass · DKIM: pass · DMARC: fail
!display-name spoofs "Microsoft 365 Team"
!urgency keywords detected: "within 24h", "account locked"
Phishing
From:no-reply@microsoft-365.support
Subject:Your account will be locked in 24h
Link:https://ms-365-verifizierung.de/...
$report --to learner --as training-moment
Learning card delivered · Quiz due in 24h
The problem

Technology alone isn't enough.

Employees are the most common attack vector - and the only link a firewall can't patch.

94%

of successful cyber attacks start with a human interaction - usually a phishing email.

Source: ENISA Threat Landscape 2025

11 min

average time before an employee clicks a phishing link - often faster than any SOC can react.

Source: Verizon DBIR 2025

CHF 4.2M

average incident cost in the DACH region. Awareness training reduces risk by up to 70%.

Source: IBM Cost of a Data Breach 2025

Three pillars · One program

Awareness that actually works.

Not a 60-minute mandatory course. Continuous training that fits into the workday and measurably changes behavior.

Phishing simulation

Realistic campaigns based on current threats. Employees learn the moment they click - not in an annual mandatory course.

/solutions/phishing-simulation

Awareness training

Micro-learning units of 3–5 minutes. Phishing, social engineering, passwords, MFA, deepfakes - modular and multilingual.

/solutions/awareness-training

Reporting & KPIs

Audit-grade reports for management and CISO. NIS2 compliance mapping, click rates, improvement over time - exportable as PDF and CSV.

/solutions/reporting-kpis
How it works

Ready in four steps.

Onboarding in 14 days. First phishing simulation in week 3. First quarterly report in week 13.

  1. 01 · Day 1

    Onboarding

    SSO/AD integration, user import, language setup, sender-domain whitelist.

  2. 02 · Week 2

    Baseline test

    First simulation without warning. We measure the current state - honestly, without blame.

  3. 03 · Ongoing

    Continuous training

    Monthly micro-learning units, targeted repetition for risk groups, on-click coaching.

  4. 04 · Quarterly

    Reporting & review

    Audit-grade report, trend analysis, NIS2 mapping. We walk through it with you.

Compliance & data protection

Made & hosted in Switzerland.

We know security tools are themselves a risk. That's why we operate on Swiss infrastructure - no Google Fonts, no tracking cookies, no US cloud dependencies.

NIS2
Mandatory mapping & report templates
ISO 27001
Awareness measure per Annex A.7.2.2
GDPR / FADP
Data processing agreement documented
BSI IT-Grundschutz
Module ORP.3 covered
Knowledge & resources

Get to know the attackers.

Free threats library - no account required. Member area for deeper training.

/resources/threats/phishing

Spot & stop phishing

The most common attack - and how your team unmasks it in 3 seconds.

read article →
/resources/threats/ceo-fraud

CEO fraud & BEC

How attackers exploit hierarchy - and why accounting is your most important line of defense.

read article →
/resources/threats/deepfakes-ai

Deepfakes & AI fraud

Voice cloning, fake video calls - what's possible in 2026 and how to spot it anyway.

read article →

Ready to take awareness seriously?

30-minute demo. We'll show you a real phishing campaign, a quarterly report, and the NIS2 mapping - for your industry.

Book a demoContact us