How to measure human cyber-risk, finally!

Guðrún Vaka Helgadóttir
5 min read ∙ May 25, 2022

We all know that cybercrime is on the rise. Organizations are also well aware of the reputational and financial damage that cyber-attacks and data leaks can cause. Studies have found that up to 90% of all successful cyber-attacks and data leaks stem from some kind of human manipulation. But how do you measure human cyber-risk? AwareGO has just released the tool that you need to measure and manage human risk in cybersecurity: the Human Risk Assessment.


What is human cyber-risk?

Human risk is everywhere, from general physical risk (like not wearing appropriate safety gear) to cyber risk and data leaks. If employees are unaware of cyber-risks, regularly bypass internal cybersecurity measures or disregard the organization’s policies, that amounts to your human cyber-risk. Most organizations offer some type of cybersecurity training, often just to check a box and comply with data privacy regulations. What they’ve been missing is a way to measure human cyber-risk, so that they really know where they stand and can manage the human risk in cybersecurity.


How NOT to measure human cyber-risk?

Until now, the only tools available to measure human cyber-risk have been phishing simulations and USB-drop simulations. These are designed to show organizations how many employees fall for phishing emails or would connect an unknown USB drive to their computer. What these simulations don’t show is a holistic overview of employee knowledge and behavior. There can be many reasons why a person does not click on an email or pick up a USB drive, such as being too busy at that particular moment. We’ve also heard of instances of phishing simulations being made too hard to spot, even using the organization’s real domain, which resulted in malicious compliance from the employees, who refused to open any emails or respond to meeting invitations.


Measuring human cyber-risk must therefore be done in a way that does not set employees up to fail and that shows real, actionable results that are not a fluke. So how do you measure human cyber-risk without that negative component?

A holistic solution to measuring and managing human risk in cybersecurity

For the last 2 years, cybersecurity and behavioral experts at AwareGO have been working on an overall solution to measure and manage human risk in cybersecurity. The solution is called the Human Risk Assessment and it is finally available to all.


The Human Risk Assessment is a holistic solution to measure, detect and manage human risk in cybersecurity. It is an interactive space where organizations can assess their employees’ knowledge and behavior in a safe and positive environment. Employees get to see their own results in a granular way and get information on wrong and right answers, so that they are learning and becoming more aware in the process. The results can then be used to give training to the employees who need it, in the correct threat areas.

How to use results from the Human Risk Assessment?

Depending on how security admins categorize participants, they can get granular results on various threat areas categorized by geographical areas, titles within the organization, divisions and more. Once they have the results, they will know what type of training is needed and which groups should receive it. Cybersecurity training and managing human risk in cybersecurity will become less of a guessing game and more of a data-based approach.

We recommend sending out the risk assessment both before and after training to see if the training is working and which threat areas your organization needs to tackle first. The Human Risk Assessment can be available as a stand-alone product because it works with any type of training. It measures both knowledge and behavior so there is no guessing game when it comes to the results.


Each question is designed to measure every factor of human knowledge, behavior, and awareness regarding different threat areas. This goes far beyond just phishing and USB drives as the Human Risk Assessment has multiple other threat areas, such as password handling, hybrid work, data security, social media behavior, physical security and more.

The value of cybersecurity

Cybersecurity teams often have a hard time showing the value of their work. With the Human Risk Assessment, they will be able to show the organization’s cybersecurity score and where it is vulnerable. They will also be able to show results of training in those threat areas and how continued awareness training and human risk management in cybersecurity benefits the organization. CISOs and their cybersecurity teams can now present visible results to the C-suite in a comprehensive way that demonstrates the value of their work.


Because the Human Risk Assessment measures human cyber-risk in multiple threat areas, it will also be clear to both cybersecurity admins and executives that excelling in one area of cybersecurity is not enough to keep the organization safe. Human risk management in cybersecurity is needed across all threat areas to minimize that risk and keep the organization safe.

The human risk factor

As already stated, the vast majority of cyber-attacks stem from some type of human error or manipulation. That means that cyber criminals are increasingly turning their methods towards breaching humans instead of breaching firewalls and antivirus software. Humans can be the weakest part of any organization’s cyber defense. The human factor can also be turned into the organization’s greatest asset when it comes to cybersecurity. A workforce that is aware of cyber-risks and trained to recognize the red flags of cyber-attacks could save your organization thousands of dollars – or more depending on the size of the organization.


By measuring cybersecurity awareness, knowledge, and behavior, you can manage human cyber-risk with the right training and awareness programs. The Human Risk Assessment is the best tool to do that and eliminate guessing from your cybersecurity efforts.


