We are pleased to recognize AES for its CSO50 Award. Their 5-year human risk management journey took them from stagnant results with 3 legacy SAT tools to transformative, measurable behavior change with Hoxhunt. Kudos to Ryan Boulais, CISO of AES, David Badanes, Director of Cybersecurity, AES, and the whole AES Cybersecurity team on this well-deserved recognition for your innovative program!
“Cybersecurity is a shared responsibility, and the recognition for this CSO50 award must be shared with each employee, executive, and security team member at AES who have collectively locked arms and leveled up our security posture,” said Ryan Boulais. “We have a great set of tools that we utilize to measurably transform our cybersecurity culture in a way that has made security a watercooler topic. Hoxhunt is an important part of this transformation.”
As a leader in the energy industry, a central pillar of the critical infrastructure sector, AES takes security seriously. Understanding that people-targeted attacks are the greatest source of breaches, they're committed to providing their employees with the training and tools they need to protect themselves and secure the company from cyberthreats.
After stagnant results with industry-standard SAT tools, AES implemented the Hoxhunt human risk management platform and measurably raised resilience.
In a 3-month trial, AES compared outcomes of Hoxhunt's security behavior change model against the legacy SAT tools. The simulated threat reporting rate with Hoxhunt increased by 526%, from the 3-tool aggregate of 11.5% to 60.5%; meanwhile the failure rate has decreased over one year by 79%, from the 3-tool aggregate of 7.6% to 1.6%.
The resulting resilience ratio, in which reporting rate is divided by failure rate, increased by 2533%, from a score of 1.5 to 38. Similar companies strive for scores of 10-12 (a 60% success rate / 5% -6% failure rate is very good) and top out at 20.
Operating in a sector that’s heavily targeted by cyber-attacks, AES has shown what’s possible when evolving out of the SAT model and adopting the security behavior change and human risk management model.
“The end goal of an awareness program is to change behavior. The CSO50 award is the result of a 5-year awareness journey that included the Hoxhunt human risk management platform. Our people deserve all the credit for their incredible response to this program.” – David Badanes, Director of Cybersecurity Strategic Initiatives
About the CSO50 and CSO Hall of Fame Award Winners
The CSO50 award recognizes 50 organizations for security projects and initiatives demonstrating outstanding business value and thought leadership. The CSO Hall of Fame honors leaders who have significantly contributed to advancing information risk management and security. Inductees exemplify the qualities of leadership and excellence and, by their example, contribute to improving security across all organizations. Award winners are honored at the CSO50 Conference + Awards.
“This year’s winners of the CSO50 Awards are transformative projects that reflect new and innovative thinking and strong leadership despite the pressures of a rapidly changing threat environment,” said Beth Kormanik, Chairperson of the 2023 CSO50 awards program and Foundry Events Content Director.