Engineering

CASE STUDY

Human Risk Management

Learn how a leading engineering company transformed its security culture in less than six months.

Challenges

Staff Data Protection Behavior

As a leading engineering company with a trusted reputation, this customer needed to ensure its staff were well-versed in data protection.

Increase in Phishing Threats

With phishing attacks increasing in frequency and sophistication, employees needed to be assessed and trained in spotting these attacks.

Reducing the Human Error

With human error being the number one cause of data breaches, training employees on general cybersecurity best practice is vital.

Objective | The Road to Reducing Risk

Given the challenges this customer was experiencing, they set out to assess their existing employee security posture in order to identify their biggest human risk areas and then strengthen these vulnerable areas through regular user training, phishing simulations and dark web monitoring.

Gap Analysis

An initial gap analysis questionnaire will be sent to each employee to assess their security knowledge gaps, highlighting in which areas they most need training.

End-User Training

Using the gap analysis results, employees will be enrolled onto a personal training program that sends one course per week, with a minimum pass score set at 85%.

Breach Monitoring

Ongoing dark web monitoring will be run to help identify and prevent early-stage cyber-attacks that could leverage stolen employee credentials for phishing.

Phishing Simulations

Periodic phishing simulations will be deployed in order to track which employees are vulnerable to phishing, and to help assess the training impact.

Results | Jan - May Performance

After almost six months, these were the end results in each area.

Gap Analysis

  • The gap analysis questionnaire was completed by 100% of staff

 

End-User Training

  • Courses completed: 1,123
  • Average course score: 95%

 

Phishing Simulations

  • Simulation campaigns sent: 145
  • Simulation campaigns that led to an employee being compromised: 8 (5% of simulations)

 

Breach Monitoring

  • Number of employees with credentials (e.g. usernames and passwords) found in a data breach: 17 (19% of staff)

Human Risk Scoring | Making Sense of the Data

To truly understand how employee cyber risk is changing in the business, our service fuses multiple data sets together into one holistic human risk score, helping you to contextualize the training, phishing and dark web breach performance in a digestible and actionable way. The engineering company’s overall risk score change over time, as well as the change in each core area, is shown below.

As you can see in the ‘Risk Score History’ graph above (also listed below for easy viewing), human risk was reduced in each core area and across the company as a whole. Overall, human risk was reduced by 439 points, ending with a “Good” risk score of 136/900 (900 being the worst score possible).

The biggest improvement came in phishing risk, with the overall phishing risk score ending at 47/550, a reduction of 303 points, as fewer employees were compromised in simulations.

Company Risk Score

  • January 2023 – 575
  • May 2023 – 136 (-439)
 

BreachIQ

  • January 2023 – 30
  • May 2023 – 25 (-5)
 

LearnIQ

  • January 2023 – 200
  • May 2023 – 129 (-71)
 

PhishIQ

  • January 2023 – 350
  • May 2023 – 47 (-303)

End-User Training | Participation and Progress

It may sound obvious, but one key factor in improving employee security behavior is making sure that everyone is consistently completing their training courses. That’s why we make our training courses short, engaging and self-paced, helping to keep course participation and impact high.

As you’ll see in the engineering company’s report below, we track a number of key metrics that measure how end-users are progressing in their training journeys.

The table above outlines how many end-users have completed each of the 12 ‘Beginner’ stage courses. Overall, 96% of end-users have already completed all beginner stage courses.

Our service also tracks the completion rate for the ‘Intermediate’ and ‘Advanced’ courses. Here is how the engineering company’s employees performed between January and May 2023:

Client Profile
Leading engineering company trusted for advanced medical and surgical solutions

INDUSTRY

Engineering

EMPLOYEE COUNT

86

HEADQUARTERS

United States

USED SERVICE SINCE

January 2023

CASE STUDY DATE

May 2023