It’s not why. It’s how. The Hoxhunt mission to counter people-targeted attacks with a people-first approach is unchanged. But our platform has dramatically evolved beyond the awareness and compliance category to measurably change behavior and reduce human risk, which is responsible for 83% of data breaches according to the Verizon DBIR. Conceived in 2016 as a people-first security awareness and phishing training solution, the new Hoxhunt Human Risk Management Platform extends our mission by comprehensively facilitating compliance, security behavior change, and enhanced threat detection and response capabilities. And it's all automated to achieve resilience without resources. Here’s why that matters.
Passing a quiz or watching a snazzy video about cybersecurity doesn’t actually foster new skills in employees, grant visibility to security teams, or lower risk for organizations. So why stop at awareness and compliance when you can harness human intelligence and stop threats in their tracks?
In today’s cybersecurity landscape, humans are targeted more often and by increasingly more sophisticated attacks. One bad click can compromise the whole ecosystem and corrupt the surrounding supply chain. Hackers are targeting people to take you and your ecosystem down. That’s why solutions should target people too, and not just for compliance.
Just look at what’s stated in the Nov. 16, 2022 Gartner report, Innovation Insight on Security Behavior and Culture Program Capabilities, in which Hoxhunt is recognized as a representative provider.
New capabilities are emerging to meet the demand for improved human risk management. These security behavior and culture programs (SBCP) capabilities focus on risk reduction via tangible employee behavior management. Innovative solutions build their services based on behavioral science principles, and use data analytics and automation to reduce risk exposure via measurable culture change.
– Innovation Insight on Security Behavior and Culture Program Capabilities, Gartner
What if one platform could do it all? Imagine being able to exceed compliance; create lasting behavior change; and ultimately boost threat detection and response capabilities. Such an integrative, multi-functional approach is possible. And it’s a game-changer.
“Before Hoxhunt, we didn’t know what kinds of spam and phishing emails our users were getting. We trained users to delete suspicious emails. But now, with Hoxhunt, it’s a game changer because we tell employees to report all suspicious emails. This gives us visibility into ongoing real phishing campaigns so we can react with activities like URL blocking and IP address blacklisting."
– TOBIAS HAUSER, HEAD OF INFORMATION SECURITY AT VICTORINOX
Hoxhunt, already the world’s leading security awareness and phishing training solution according to G2, is introducing three new products for our revamped, AI-enabled platform. Each product is designed to work together to achieve greater resilience with fewer resources.
Today’s CISO knows that stopping at awareness for regulatory and audit compliance means falling short of the real goal: improving risk posture. And that goal is more critical than ever as attacks get fiercer while cybersecurity insurance gets thinner and regulations get stricter. The AI-enabled platform offers three new products that can be aligned with an organization’s security maturity.
Hoxhunt is the one platform designed to induce exponential increases in threat reports and automatically analyze them. Once people learn to report suspicious emails as a reflex, the Hoxhunt AI automatically classifies the deluge of threat reports to stop attacks before they spread and let the security team focus on the incidents that matter.
"One Fortune 500 US tech company compared phishing simulation results of their 1,000 worst performers, who were trained with Hoxhunt for three months, against 1,000 of their best. The overall population had an 11.5% fail rate and 29% success rate, while the Hoxhunt test group performed at 8.6% fail rate and 41% reporting rate. Before Hoxhunt, the test group consistently showed fail rates from 30% to 50% in tests and dreadfully low reporting rates. Few results have better demonstrated exponential improvement of cyber behavior."
– Mika Aalto, co-Founder and CEO of Hoxhunt
Another leading US tech company has reported to leadership that they actually save four FTEs of SOC analyst work a month by using the Hoxhunt Response platform to automatically categorize and prioritize the thousands of monthly threat reports from the company’s tens of thousands of employees.
This union of human intelligence and AI has inspired Finland’s largest telecom provider to reconsider employees as “human threat detection sensors.” In a benchmark study, they independently performed comparing phishing simulation failure rates of 2000 traditional awareness-trained employees against 1,000 Hoxhunt-trained employees, the Hoxhunt users were 20 times less likely to click on a malicious link (failure rate of 1% vs. 20%).
“We started with security awareness but later, as the Hoxhunt Response Platform developed, we integrated awareness results into our core security stack. Our awareness threat intelligence helps drive our board reporting and security strategy. As our employees began reporting more and more real threats, we realized we were developing a human sensor network. With the automation of the Response Platform, Hoxhunt provided a good way to connect the technology with the people and processes of our security system and improve overall threat detection and response.”
– TEEMU MÄKELÄ, CISO OF ELISA (NOMINATED AS CISO OF THE YEAR IN 2020)
The Hoxhunt Human Risk Management Platform is designed to understand your people in order to transform them into security assets. For the first time, people can be integrated into the security stack for next-level threat detection and response capabilities.
“Hoxhunt is different from the competition because it integrates the human layer with the technology layer. It connects people, processes, and technology. People must be in the center of everything and with Hoxhunt, the people are in the center and integrated as critical elements of the security tool stack.”
– Manfred W., Information Security Officer
According to the World Economic Forum, 95% of data breaches can be traced back to human error, mostly from clicking on targeted phishing attacks. Hoxhunt delivers high-ROI resilience with minimal resources by automatically integrating human threat intelligence—which is the only way to catch the millions of sophisticated phishing attacks that evade technical filters each year—into the security stack.
“Employees are often overlooked as a part of an organization’s security stack and attackers continue to exploit this oversight. They count on employees receiving generic awareness training geared for corporate compliance goals, initiatives which fail to alter employee cyber behavior or create threat detection skills. Attackers target people, and Hoxhunt was established to do the same but as a solution. With our human risk platform, organizations can significantly alter their employees’ security skill levels to create a strong human threat detection engine when attackers bypass technical layers.”
– Mika Aalto, Co-Founder and CEO at Hoxhunt.
Since its inception, Hoxhunt has helped some of the world’s leading companies graduate from security awareness training into security behavior change and human risk management, including Airbus, DocuSign, Kaercher, and Victorinox. The company has also received numerous accolades in recent months. Hoxhunt was named a Best Software Company (EMEA) by G2 and received three awards from TrustRadius for security excellence.
To see Hoxhunt in action, please visit: https://www.hoxhunt.com/.
Hoxhunt helps security leaders and employees join forces to prevent data breaches. Hoxhunt is a Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk. Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love. Employees learn to detect and report advanced phishing attacks. Operations teams respond fast with limited resources. And security leaders gain outcome-driven metrics to document reduced cybersecurity risk.