Your Organisational Human Risk Gap Analysis Score
Well done for completing the Recyber Human Risk Readiness Check. This is a great step towards making the behaviour of your staff more cyber secure!
Based on your responses, we recommend our novel behavioural change platform, Republic, to close your human risk gaps.
Your score: 0/7
Open the tabs below to find more details.
How often does your business conduct security and awareness training?
95% of people know that cyber security is an ongoing risk, and yet it is so often treated as a tick-box exercise. Companies should continuously manage their human risk and provide regular opportunities and exercises for their staff to practice their skills. Republic does this by interacting with users little and often via Teams during working hours, to continuously encourage secure behaviour. Each interaction has been built to take between a couple of seconds and 2 minutes.
Does your current solution focus more on company security culture or specific behaviours?
Two-thirds of organisations do not tailor training to an individual based on their specific risks. However, making the training the same for everyone is an oversimplification and an over-generalisation that leads to poor outcomes. Whether relating to a behaviour common across all personnel, a role-specific behaviour, or even individual trait-like content preferences and start standards, organisations need to individuate training courses as much as possible. Republic does this by adjusting the content it shows, the interventions it delivers, and how often it interacts with users at an individual level, based on each person’s unique needs and risk profile as measured from their Individual User Taxonomy Scorecard.
Is training tailored to each user?
Almost half of people sampled would be less likely to report if they would face negative consequence. Trying to root out bad apples does not fix core problems. Republic is built to cultivate a foundation of user trust, from which secure behaviour can be developed. This is done by anonymising individual user risk data and only sharing individual engagement and compliance metrics. Republic also includes an email reporting game, where performance (click, report, ignore) impacts level advancement and reward, as well as Republic risk scoring for that individual, rather than for blame.
Would your employees face negative consequences if something they did led to a security breach?
Phishing is one of the most common methods of attack for cyber criminals. However, phishing simulation providers often forget to teach users how to spot the signs of a malicious email or punish users if they accidentally click a simulation link. Republic comes with a built-in phishing email reporting game Interception, which allows users to spot increasingly deceptive emails right from their Outlook Inbox. It does not punish insecure behaviour but rather encourages users to successfully spot our emails through level unlocks, and through our Republic currency Virtucoin which is awarded with each successfully report.
Are your employees able to regularly practice reporting suspicious emails?
75% of staff feel that training should be tailored to the needs of the individual. Measuring everyone according to a binary attendance figure over simplifies cyber behavioural risk and ignores many other behaviours, such as how incidents are responded to, social communication patterns, or how frequently passwords are shared. In contrast, Republic measures and reduces this risk by not only sharing how users have been interacting with the platform (e.g., answering questions, watching videos, reporting incidents), but also where specific risks lie according to our behavioural taxonomy of 180 risky behaviours and how they are changing over time.
Does your organisation measure its risk posture from training attendance alone? and phishing responses?
74% say that failing a phishing test makes them feel bad. Making someone feel bad for their behaviour is not a productive way to influence them to behave more securely in future. There are also many behaviours that occur outside of the email inbox, such as how incidents are responded to, social communication patterns, or how frequently passwords are shared, that are ignored when relying solely on a phishing tool. Republic not only includes an email reporting game Interception, but measures and reduces risk through our Republic Teams bot and Browser Platform. These three work together to deliver real‑time personalised nudges, gamified micro‑learning, incident response functionality, cyber-related news and much more.
Does your organisation measure its risk posture from a phishing tool alone?
How often does your business conduct security and awareness training?
95% of people know that cyber security is an ongoing risk, and yet it is so often treated as a tick-box exercise. Companies should continuously manage their human risk and provide regular opportunities and exercises for their staff to practice their skills. Republic does this by interacting with users little and often via Teams during working hours, to continuously encourage secure behaviour. Each interaction has been built to take between a couple of seconds and 2 minutes.
Does your current solution focus more on company security culture or specific behaviours?
Cyber-attacks often involve specific insecure behaviours. While culture does influence security behaviour, changing culture is complex, nuanced, takes an exceptionally long time, requires expert oversight, and is too exposed to other factors to reliably see risk reduction in a timely enough fashion to be a commensurate response to cyber threat. The answer is to refocus, act more quickly and instead, define our aim as reducing occasions of concrete measurable instances of risky behaviour. Republic does this by measuring users against a comprehensive taxonomy of 180 specific risky behaviours that an attacker could exploit.
Is training tailored to each user?
Two-thirds of organisations do not tailor training to an individual based on their specific risks. However, making the training the same for everyone is an oversimplification and an over-generalisation that leads to poor outcomes. Whether relating to a behaviour common across all personnel, a role-specific behaviour, or even individual trait-like content preferences and start standards, organisations need to individuate training courses as much as possible. Republic does this by adjusting the content it shows, the interventions it delivers, and how often it interacts with users at an individual level, based on each person’s unique needs and risk profile as measured from their Individual User Taxonomy Scorecard.
Would your employees face negative consequences if something they did led to a security breach?
Almost half of people sampled would be less likely to report if they would face negative consequence. Trying to root out bad apples does not fix core problems. Republic is built to cultivate a foundation of user trust, from which secure behaviour can be developed. This is done by anonymising individual user risk data and only sharing individual engagement and compliance metrics. Republic also includes an email reporting game, where performance (click, report, ignore) impacts level advancement and reward, as well as Republic risk scoring for that individual, rather than for blame.
Are your employees able to regularly practice reporting suspicious emails?
Phishing is one of the most common methods of attack for cyber criminals. However, phishing simulation providers often forget to teach users how to spot the signs of a malicious email or punish users if they accidentally click a simulation link. Republic comes with a built-in phishing email reporting game Interception, which allows users to spot increasingly deceptive emails right from their Outlook Inbox. It does not punish insecure behaviour but rather encourages users to successfully spot our emails through level unlocks, and through our Republic currency Virtucoin which is awarded with each successfully report.
Does your organisation measure its risk posture from training attendance alone?
75% of staff feel that training should be tailored to the needs of the individual. Measuring everyone according to a binary attendance figure over simplifies cyber behavioural risk and ignores many other behaviours, such as how incidents are responded to, social communication patterns, or how frequently passwords are shared. In contrast, Republic measures and reduces this risk by not only sharing how users have been interacting with the platform (e.g., answering questions, watching videos, reporting incidents), but also where specific risks lie according to our behavioural taxonomy of 180 risky behaviours and how they are changing over time.
Does your organisation use a phishing tool?
74% say that failing a phishing test makes them feel bad. Making someone feel bad for their behaviour is not a productive way to influence them to behave more securely in future. There are also many behaviours that occur outside of the email inbox, such as how incidents are responded to, social communication patterns, or how frequently passwords are shared, that are ignored when relying solely on a phishing tool. Republic not only includes an email reporting game Interception, but measures and reduces risk through our Republic Teams bot and Browser Platform. These three work together to deliver real‑time personalised nudges, gamified micro‑learning, incident response functionality, cyber-related news and much more.
Given your responses, we recommend Republic to narrow your human risk gaps.
Republic Gives You:
- Continuous, personalised micro-training in Teams
- 180+ risky behaviours measured
- Real-time nudges
- No blame.
Free Trial For Small Businesses*
Improve cybersecurity behaviours and reduce cyber risk across your organisation. Republic delivers real-time insights and targeted interventions to strengthen security culture and keep your team protected.
Pricing: Following the 6-week free trial, organisations with less than 100 users can continue for £199 per month.
*For organisations with over 100 users, please contact the sales team using the form below.