AES wins CSO50 award for transformative security behavior change with Hoxhunt

Fortune 500 energy company AES and their CISO, Ryan Boulais, have been awarded a prestigious 2023 CSO50 Award for outstanding achievements in security behavior change and human risk management. They are quick to share the recognition with Hoxhunt and direct credit to their employees. Congratulations for this outstanding achievement!

Post hero image

Table of contents

See Hoxhunt in action
Drastically improve your security awareness & phishing training metrics while automating the training lifecycle.
Get a Demo

We are pleased to recognize AES for its CSO50 Award. Their 5-year human risk management journey took them from stagnant results with 3 legacy SAT tools to transformative, measurable behavior change with Hoxhunt. Kudos to Ryan Boulais, CISO of AES, David Badanes, Director of Cybersecurity, AES, and the whole AES Cybersecurity team on this well-deserved recognition for your innovative program!

“Cybersecurity is a shared responsibility, and the recognition for this CSO50 award must be shared with each employee, executive, and security team member at AES who have collectively locked arms and leveled up our security posture,” said Ryan Boulais. “We have a great set of tools that we utilize to measurably transform our cybersecurity culture in a way that has made security a watercooler topic. Hoxhunt is an important part of this transformation.”

As a leader in the energy industry, a central pillar of the critical infrastructure sector, AES takes security seriously. Understanding that people-targeted attacks are the greatest source of breaches, they're committed to providing their employees with the training and tools they need to protect themselves and secure the company from cyberthreats.

After stagnant results with industry-standard SAT tools, AES implemented the Hoxhunt human risk management platform and measurably raised resilience.

AES Key Outcomes: 526% increase in reporting rate, 79% decrease in failure rate, 58% decrease in miss rate, 2533% increase in resilience ratio

READ THE AES CASE STUDY

In a 3-month trial, AES compared outcomes of Hoxhunt's security behavior change model against the legacy SAT tools. The simulated threat reporting rate with Hoxhunt increased by 526%, from the 3-tool aggregate of 11.5% to 60.5%; meanwhile the failure rate has decreased over one year by 79%, from the 3-tool aggregate of 7.6% to 1.6%.

The resulting resilience ratio, in which reporting rate is divided by failure rate, increased by 2533%, from a score of 1.5 to 38. Similar companies strive for scores of 10-12 (a 60% success rate / 5% -6% failure rate is very good) and top out at 20.

Operating in a sector that’s heavily targeted by cyber-attacks, AES has shown what’s possible when evolving out of the SAT model and adopting the security behavior change and human risk management model.

“The end goal of an awareness program is to change behavior. The CSO50 award is the result of a 5-year awareness journey that included the Hoxhunt human risk management platform. Our people deserve all the credit for their incredible response to this program.” – David Badanes, Director of Cybersecurity Strategic Initiatives

About the CSO50 and CSO Hall of Fame Award Winners

The CSO50 award recognizes 50 organizations for security projects and initiatives demonstrating outstanding business value and thought leadership. The CSO Hall of Fame honors leaders who have significantly contributed to advancing information risk management and security. Inductees exemplify the qualities of leadership and excellence and, by their example, contribute to improving security across all organizations. Award winners are honored at the CSO50 Conference + Awards.

“This year’s winners of the CSO50 Awards are transformative projects that reflect new and innovative thinking and strong leadership despite the pressures of a rapidly changing threat environment,” said Beth Kormanik, Chairperson of the 2023 CSO50 awards program and Foundry Events Content Director.

Want to learn more?
Be sure to check out these articles recommended by the author:
Get the Human Cyber-Risk Report
Get more cybersecurity insights like this