Blackbaud's security awareness program was stuck in check-the-box compliance, offering little proof of real risk reduction. As Terry Smith, Program Director for Security Awareness, put it: “I wanted to be held accountable—are we actually moving the needle, or just checking a box?”
The problem wasn't a lack of effort. It was a lack of visibility. Data from threat detection and response (TDR), data loss prevention (DLP), and manual employee surveys all lived in separate systems. Pulling together even a basic picture of organizational risk meant hours of manual work — and even then, the resulting story wasn't compelling enough to bring to the board with confidence.
By adopting Unify HRM, Blackbaud centralized risk data that had previously lived in disconnected tools, tracked Human Risk Index (HRI) improvements over time, and delivered board-ready insights that proved ROI and reduced organizational risk.
“All these disparate pieces… we were able to pull together through API connections,” says Smith, describing how Unify turned scattered compliance data into a single, measurable view of risk — one that could finally answer the question he'd been asking all along: is this program actually working?
Blackbaud now has strong, quantifiable metrics on its security program's risk reduction. “We've got a great story to tell, and now we can show it to leadership with quantifiable metrics,” says Terry Smith. Unify centralized disparate risk data into actionable insights, giving executives confidence backed by measurable HRI improvement and proof of ROI.
Before Unify, annual training felt like a checkbox. Gamified campaigns, scorecards, and nudges changed that. “I had over 300 people respond to me, asking how it ended—they were begging for more training,” says Smith. Voluntary participation and friendly competition translated into a 50-60% risk reduction in high-risk user groups.
Blackbaud's security team previously spent hours combing through SIEM data and spreadsheets to identify risky behaviors. “I think of Unify as my insights group,” says Smith. With TDR and DLP now integrated into Unify, the team monitors behavioral risk patterns, tracks high-priority signals during offboarding, and has reduced insider risk by half.
Blackbaud's Human Risk Index improved from 320 to 716 — a 124% increase. What started as a search for accountability became a repeatable model: centralize the data, measure what actually changes behavior, and give leadership a number they can trust.
“Now we can actually show leadership that our program is working and the risk is going down,” says Smith. That shift — from a program defended on effort to one proven on outcomes — is what turned Blackbaud's security awareness program from a compliance line item into a board-level asset.