This site uses third party services that need your consent. Learn more

Skip to content

Human risk metrics to improve your team’s security behaviors

Help people with cybersecurity based on their knowledge, interest, and needs

Give your colleagues exactly the kind of support they need - and want - to make better cybersecurity decisions. 

Human risk metrics help you understand, measure, and manage the cybersecurity risks associated with human actions. 

Not because humans are the weakest link, but because it’s much more effective to engage people on their terms. 

password security
file sharing
account sharing
learning motivation
leadership example
access control
smishing risk

How Human risk metrics work

Guarantee privacy while collecting security behavior data

To help people be safe at work and at home, we need data about their actions. But we don’t have to sacrifice their privacy to get it. 

Our unique, privacy-friendly approach doesn’t reveal individual risk scores. 

Instead, it maps risk factors (tags) to anonymous behavioral data and dynamically group people based on their learning interest plus knowledge of specific topics (scams, email security, self efficacy, etc).

Illustration showing how a risk factors contributors can contribute to an overall human risk score.

Understand, track, and improve your total risk score

The total risk score of your organization gives you a helpful KPI to track big-picture progress.

Since you can break down this score into clearly defined risk areas and corresponding risk factors, it’s easy to notice and prioritize areas of improvement.

By making security behaviors measurable, human risk metrics provide powerful arguments for a bigger budget when reporting to executives, and proof for return on investment.

Illustration showing a total risk score of 40.

Help vulnerable groups as their needs change

Forcing someone who fails a single phishing test into a generic course feels more like a punishment than a learning opportunity. Outdated and ineffective, these very transactional methods alienate people.

At Secure Practice, we use human risk metrics to observe behavior patterns over time, without compromising privacy. This allows for tailored follow-ups like micro-courses or exercises, ensuring upskilling aligns with evolving needs.

Illustration of a graph showing risk areas trending down.

Customize the Human Risk model for your organization

With 100+ pre-configured risk factors, it’s easy to get started with human risk metrics.

Together, these factors create the Human Risk model, which you can customize for your organization. Rename them, add new ones, and adjust their impact.

Organize them into your security program's key areas such as identity, devices, information and scams, plus compliance and motivation to gauge knowledge and interest.

Illustration showing how a Human Cyber Risk score can be broken down into different elements: accounts, passwords, multi-factor auth, lock devices and sharing are all examples of risk factors.
We’ve built a dashboard to help us monitor security maturity KPIs and security culture metrics are part of it. Human risk metrics help us break them down for each business area and prioritize our actions to meet both stringent compliance requirements and our colleague’s needs and interests.
Martha Eike Security Culture, Awareness and Human Risk Management at Storebrand

Win people’s hearts and minds without heartless monitoring

Power up your security awareness program with top-notch data, not surveillance. Make your team feel safe to act and engage - not blamed. 

Our privacy-first data collection approach lets you help vulnerable groups with targeted training without exposing individual behavior.