Case Study: How Abraxas Cyber Solutions Transformed Security Culture at Meridian Financial Group

Client Overview

Meridian Financial Group, a mid-sized wealth management firm based in Charlotte, North Carolina, manages over $2.4 billion in assets for approximately 3,500 clients across the Southeast. With 140 employees spread across their headquarters and four regional offices, the firm had built a strong reputation for personalized service and steady growth over their 28-year history. However, by early 2023, their leadership team recognized a critical vulnerability: their employees had become their greatest cybersecurity risk.

The Challenge

The wake-up call came in February 2023 when a senior portfolio manager clicked on what appeared to be a legitimate DocuSign notification requesting urgent review of client documents. Within minutes, the employee had unknowingly provided their Microsoft 365 credentials to a sophisticated phishing operation. Although Meridian's IT team detected and contained the breach before any client data was exfiltrated, the incident exposed a troubling reality. The firm's annual compliance training consisted of a single 45-minute video that employees could complete while multitasking, and there was no ongoing reinforcement or testing of security awareness throughout the year.

Sarah Chen, Meridian's Chief Operating Officer, conducted an internal assessment that revealed alarming gaps in their security culture. Over 60% of employees admitted they weren't confident in their ability to identify phishing emails. The IT department fielded an average of 23 security-related questions per week, many of which revealed fundamental misunderstandings about password security, multi-factor authentication, and safe data handling. Most concerning was that employees in client-facing roles regularly shared sensitive information via unsecured methods because they didn't understand the risks or know the proper procedures.

Engaging Abraxas Cyber Solutions

After evaluating several cybersecurity providers, Meridian Financial Group selected Abraxas Cyber Solutions in April 2023 based on their comprehensive approach to security awareness training and their experience working with financial services firms. Unlike competitors who offered one-size-fits-all training modules, Abraxas proposed a customized program that would address Meridian's specific vulnerabilities while accounting for the varying technical proficiency across different departments. The engagement would include an initial baseline assessment, role-specific training modules, ongoing simulated phishing campaigns, and quarterly progress reviews.

Implementation Phase One: Assessment and Baseline Testing

Abraxas began the engagement with a thorough two-week assessment period in May 2023. Their team conducted anonymous surveys to gauge current security awareness levels, interviewed department heads to understand workflow challenges, and reviewed Meridian's existing security policies and incident reports from the previous 18 months. To establish a measurable baseline, Abraxas launched an initial simulated phishing campaign without prior warning. The results were sobering: 41% of employees clicked on the phishing link, and 28% actually entered their credentials on the fake login page. These metrics gave everyone a clear starting point and demonstrated the urgent need for improvement.

Customized Training Rollout

Beginning in June 2023, Abraxas deployed a multi-layered training program tailored to Meridian's operational reality. Rather than forcing all employees through identical content, they created four distinct training tracks: one for client advisors and relationship managers who handled sensitive financial data daily, another for administrative staff who managed communications and scheduling, a third for IT and operations personnel who needed deeper technical knowledge, and a fourth for executive leadership focused on strategic risk management and incident response protocols. Each track consisted of engaging 15-minute modules that employees completed during designated weekly training windows, ensuring they could focus without disrupting client service.

The training content itself reflected real-world scenarios that Meridian employees would actually encounter. Instead of generic examples, Abraxas created simulations featuring fake emails from supposed regulators requesting audit information, bogus invoices from actual vendors Meridian used, and social engineering attempts that referenced legitimate industry events and conferences. This contextual relevance made the training feel immediately applicable rather than theoretical. Abraxas also incorporated interactive elements including knowledge checks, branching scenarios where employees had to make decisions about suspicious situations, and video testimonials from other financial services professionals who had experienced security incidents.

Continuous Reinforcement Through Simulated Attacks

Where Abraxas truly differentiated themselves was through their ongoing simulated phishing program, which launched in July 2023. Rather than the predictable annual or quarterly tests many organizations conduct, Abraxas sent randomized simulations to different employee groups every two to three weeks. These simulations progressively increased in sophistication, starting with obvious red flags and gradually introducing more subtle social engineering techniques that mimicked actual threats the financial services sector was facing. Employees who clicked on simulated phishing links weren't punished; instead, they immediately received a brief educational moment explaining what indicators they missed and how to report similar emails in the future.

Abraxas provided Meridian's leadership team with a comprehensive dashboard that tracked metrics across the entire organization and within individual departments. The system flagged employees who repeatedly struggled with simulations for additional one-on-one coaching, while also identifying security champions who consistently demonstrated strong awareness and could serve as peer resources. This data-driven approach allowed Sarah Chen and her team to see improvement trends in real-time and adjust their internal communications to reinforce lessons when certain types of attacks proved particularly challenging.

Building a Culture of Security

Beyond formal training modules, Abraxas worked with Meridian to embed security awareness into daily operations. They helped establish a streamlined reporting system where employees could forward suspicious emails to a dedicated address with a single click, and the IT team committed to responding with confirmation within four hours—whether the email was legitimate or a threat. Abraxas also created monthly "Security Spotlight" newsletters featuring brief updates on emerging threats, highlighting employees who had successfully identified and reported real phishing attempts, and providing quick tips relevant to seasonal patterns like tax season scams or holiday shopping fraud that employees might encounter in their personal lives.

Measurable Results

By January 2024, nine months after beginning the partnership with Abraxas, Meridian Financial Group had achieved remarkable transformation in their security posture. The most dramatic improvement came in simulated phishing test results: the click-through rate had dropped from 41% to just 8%, and the credential entry rate had fallen from 28% to less than 3%. More importantly, employees were now proactively reporting an average of 47 suspicious emails per month to the IT team, compared to fewer than 5 per month before the training program began. This represented a fundamental shift from passive vulnerability to active vigilance.

The business impact extended beyond metrics. Meridian successfully thwarted three legitimate targeted phishing campaigns during Q4 2023, with employees identifying and reporting the threats before any credentials were compromised. The firm's cyber insurance provider recognized their improved security posture by reducing their annual premium by 18% at renewal. Perhaps most significantly, client-facing staff reported feeling more confident in their ability to protect client information, which strengthened trust during conversations about data security—an increasingly important topic for high-net-worth individuals concerned about digital privacy.

Ongoing Partnership and Adaptation

As part of Abraxas Cyber Solutions' managed cybersecurity services, the training program continues to evolve based on the emerging threat landscape. When sophisticated AI-generated phishing emails began appearing in the wild in early 2024, Abraxas quickly incorporated examples into Meridian's training modules and simulations. Quarterly business reviews allow both teams to discuss new regulatory requirements, analyze close calls or actual incidents, and adjust the training approach based on feedback from employees and department leaders. This continuous improvement cycle ensures that Meridian's first line of defense—their people—remain prepared for whatever threats emerge next.

Key Takeaways

Sarah Chen reflects that partnering with Abraxas represented a fundamental shift in how Meridian thinks about cybersecurity. "We used to view security awareness training as a compliance checkbox, something we did because regulators required it," she explains. "Abraxas helped us understand that our employees, when properly trained and empowered, could actually be our strongest defense against the threats that keep me up at night. The investment has paid for itself many times over, not just in avoided incidents but in the confidence our team and our clients have in our ability to protect what matters most." For Abraxas Cyber Solutions, Meridian's success story exemplifies their core philosophy: that proactive awareness, continuous education, and real-world application create a culture of security that transforms risk into resilience.