Give your colleagues exactly the kind of support they need - and want - to make better cybersecurity decisions.
Human risk metrics help you understand, measure, and manage the cybersecurity risks associated with human actions.
Not because humans are the weakest link, but because it’s much more effective to engage people on their terms.
Human cybersecurity risk metrics collects anonymized insights from every interaction with the Secure Practice toolkit, including:
quizzes, surveys, newsletters and more.
Use them to understand the specific challenges your colleagues have and engage them in compelling activities to improve those security KPIs.
To help people be safe at work and at home, we need data about their actions. But we don’t have to sacrifice their privacy to get it.
Our unique, privacy-friendly approach doesn’t reveal individual risk scores.
Instead, it maps risk factors (tags) to anonymous behavioral data and dynamically group people based on their learning interest plus knowledge of specific topics (scams, email security, self efficacy, etc).
The total risk score of your organization gives you a helpful KPI to track big-picture progress.
Since you can break down this score into clearly defined risk areas and corresponding risk factors, it’s easy to notice and prioritize areas of improvement.
By making security behaviors measurable, human risk metrics provide powerful arguments for a bigger budget when reporting to executives, and proof for return on investment.
Forcing someone who fails a single phishing test into a generic course feels more like a punishment than a learning opportunity. Outdated and ineffective, these very transactional methods alienate people.
At Secure Practice, we use human risk metrics to observe behavior patterns over time, without compromising privacy. This allows for tailored follow-ups like micro-courses or exercises, ensuring upskilling aligns with evolving needs.
With 100+ pre-configured risk factors, it’s easy to get started with human risk metrics.
Together, these factors create the Human Risk model, which you can customize for your organization. Rename them, add new ones, and adjust their impact.
Organize them into your security program's key areas such as identity, devices, information and scams, plus compliance and motivation to gauge knowledge and interest.
We’ve built a dashboard to help us monitor security maturity KPIs and security culture metrics are part of it. Human risk metrics help us break them down for each business area and prioritize our actions to meet both stringent compliance requirements and our colleague’s needs and interests.
Power up your security awareness with program top-notch data, not surveillance. Make your team feel safe to act and engage - not blamed.
Our privacy-first data collection approach lets you help vulnerable groups with targeted training without exposing individual behavior.
Automatically group your team by their cybersecurity interest (positive, neutral, negative) and knowledge (low, neutral, high).
Spot the eager learners and the savvy skeptics, and tailor their learning journey to fit their needs. Let's meet them where they are and grow from there!
Discover your team's true cyber skills through their own actions, all while keeping their identities anonymous.
Spark their cybersecurity growth with exciting activities: live exercises, handy guides, or bite-sized courses from our gamified e-learning catalog.
Let's make security practice a positive, rewarding experience!
Move on from one-size-fits-all training that mismatches skills and needs, pushing basics onto experts and complexities onto novices.
Campaigns can’t match individual needs. But learning based on human risk metrics can.
Use them to craft bespoke, positive learning journeys that respect colleagues’ pace and privacy. Make security practice safe, personal, and just right.
Your organization craves a smarter, data-driven approach to security training, setting priorities, and making progress.
Our anonymous, aggregated human risk metrics are your ticket to meeting these essential needs. This scalable model helps with compliance, keeps your attack surface in check, and lets you benchmark groups internally - however you define them.
