The Next Wave: Human Risk Management

Posted by Drew Rose
March 31, 2022


As a co-founder of Living Security, I am so proud of our team and what we’ve accomplished in just four years—including being named a leader in the Forrester Wave™: Security Awareness and Training Solutions Report, Q1 2022. It not only proves that what we’re doing is at the leading edge of the shift in security culture; it inspires us to continue to change the conversation.

Before starting our company, my co-founder Ashley Rose and I had a vision to develop something that could disrupt the boring, stale security risk training market and offer something that not only addressed actual risk but engaged people as the asset we believed they could be rather than a problem to be solved.

As the Forrester Wave report says, the rapidly changing landscape “is causing well-needed disruption in a long-stagnant market.” Living Security was founded under this same sentiment and we are excited to rise to the challenge, and offer something different—something better.

Disrupting the Status Quo To Innovate for the Future

Sometimes, a classic is a classic for a reason. But other times, simply doing something the way it’s always been done isn’t going to cut it. As it stands, the status quo set by existing learning management systems is all about getting annual training completed and calling it a day. If 80–95% of breaches and incidents are caused by some type of human behavior, why hasn’t the industry invested energy into trying to actually reduce those behaviors that are causing the breaches? For the last ten years, the solution (such as it was) meant buying more technology just to try to block malicious software and malicious attacks in real time.

The Forrester Wave report is clear: the future of Security Awareness and Training is about identifying what users are doing, what behaviors are putting them and their companies at risk, and using that information to change behavior before the problem happens. A traditional Security Awareness and Training program will not get this done; this is Human Risk Management. The shift to Human Risk Management invests in optimism by identifying groups of users that are at risk and getting in front of a potential breach or incident by providing them content, messages, emails, and collateral to help them understand why those decisions are putting their organization at risk. It’s an entirely different focus—a human focus—and it’s what the industry needs.

Bringing the Human to Security Risk Management

Living Security doesn’t just play buzzword bingo with the ABCs of risk management. We truly believe that Awareness, Behavior, and Culture Change are not just important but essential in minimizing risk. 

The most important thing to remember is that people aren’t machines. Our goal has been to provide engaging content that is written to entertain, delight, and inform. Whether it’s presented to a team or intended for individual use, there are ample ways of learning. We present information in a way that people want to engage with and aim to eliminate fear to set employees up for proactive success, rather than preparing them for punishment.

When it comes to behavior, CISOs not only need to know what individual risk factors are at stake but also what the overall trends and high-level view are. Our new Human Risk Management platform, Unify, integrates with the existing security technology stack so that security owners, program owners, and CISOs can identify the groups of users that are most at risk—or the most vigilant—by seeing their actual behavior in real life, not just simulations.

Finally, culture is at the heart of everything we do. Culture is how you speak to people. Culture is how people think about the program, and what they think their part is within that program. Culture is why we're intentional about the content and immersive experiences that we develop, the questions that we create, and the goal of establishing a positive culture around security. At Living Security, we believe that when end users—the human factor—feel empowered to make the right decision and ask questions, they will ultimately reduce risk for their organization.

Developing a New Legacy of Security

Security Awareness and Training is a constantly evolving field. While the industry itself continues to be labeled with this moniker, we believe there’s a trend that’s moving the conversation in a different direction, one that puts more emphasis on empowering individuals as well as providing software to block attacks. If humans have the potential to be the weak point, then with the right training, they have enormous potential to be a company’s greatest strength. That’s the dramatic mindset shift we want to see in the broader market. That’s the change we believe we are leading.

We believe a better name for the category that we're establishing is Human Risk Management. This means looking to identify vigilant humans, and establishing ways to reduce risk. That’s the number-one goal of the people purchasing our solution. It's not to get the annual training checkbox, it's not to be compliant, it's to reduce risk of an exposure for that organization so they don't suffer from catastrophic losses due to ransomware, or business email compromises, or dramatic reputational damages.

We’re so honored to be named a leader in the Forrester Wave report alongside many companies who have been out there for longer than us. Here’s to the next wave of Human Risk Management. 

Download the full report to read more about "well-needed disruption in a long-stagnant market".
