case study

How Neles Boosted Threat Reporting, Response And Remediation

Client logo

Headquarters: Helsinki, Finland, with 7 technology centers worldwide including: Fergus Fall, MN; Shrewsbury, MA; Horgau, Germany

Industry: Manufacturing. Global leader in flow control solutions and services with valves and valve automation technology

About 3,000 employees globally


With email being the primary attack vector in 94% of breaches, Neles had already prioritized employee cybersecurity awareness training, but desired a tool specializing in user engagement and threat reporting that would complement their existing e-learning awareness package.


Neles selected Hoxhunt for its gamified training platform and its automated delivery of continuous skill-level-targeted micro-trainings, along with enhanced threat reporting and response tools, which would all seamlessly integrate with Office 365.

Key takeaways:
Featured image
  • Improved threat reporting
  • Improved threat analysis and incident response
  • Strong complementary integration with existing e-learning package
  • Strong integration with Office 365
  • Improved cybersecurity culture
  • Measurable awareness improvements

This global leader in flow solutions controlled the flow of phishing attacks and improved threat reporting with cybersecurity awareness training

Hoxhunt according to Neles:

“What stands out about Hoxhunt is how the number of real email threats reported by our employees has jumped from essentially zero to between 60-90 per month. Hoxhunt’s dynamic, user-friendly content and excellent integration with Office 365 has complemented our existing e-learning package and turned our employees into active threat reporters. This has all enabled a new level of threat response. We now have unprecedented and actionable insights. We can find and remove email related threats reported by users, and react immediately to clicked malicious links. Hoxhunt has helped us measurably reduce risk of a breach.” – Jussi-Pekka Liimatainen, Senior Manager, Cybersecurity & Data Privacy, Neles


  • Seamless integration with Office 365 for easier threat reporting, threat analysis, response and remediation
  • Threat reports soared from near zero to 60-90 / week (this is exceptional)
  • Engagement rate with Hoxhunt program jumped to around 60%
  • Simulation fail-rates dropped from 11.5% at baseline to 2.5% (which is outstanding)

Background: Strong awareness videos made stronger with continuous micro-training

The information security team, headed by Senior Manager, Jussi-Pekka Liimatainen, have an excellent e-learning video package covering data privacy and general cybersecurity topics. They wanted to enhance that e-learning package with a training tool that would increase threat reporting and optimize response.

Hoxhunt was selected for its interactive gamified approach to awareness, where threat reporting is integral to the learning process.

“Classroom e-learnings are fine, but if you do one or, max, two sessions per year, how much will you actually remember? If it’s not daily or regular reminders of cybersecurity topics, you don’t sustain increased awareness. Hoxhunt helped reinforce the e-learnings and taught people what to do if they saw something potentially malicious in their inbox.”

After researching alternatives, he selected Hoxhunt for its:

  • Integration: Office 365 and Azure, along with existing e-learning package and other systems
  • Reporting: Threat intelligence, response, and remediation capabilities vastly upgraded
  • Customization: Targeted threat simulations matched with individuals’ skill levels and progress over time.
  • Gamification: For high engagement rates
  • Ongoing cadence: frequent threat simulations and micro-trainings keep security lessons from e-learning always front-of-mind
  • Automation
  • Supportive learning environment: simulation failures were followed by immediate micro-trainings, rather than some kind of punishment
  • Quality of content: simulations stay current with the threat landscape, are challenging to spot, and hard to anticipate
  • Positive tone: Encouragement supports learning better than punishment

Threat reporting with Office 365 integration is a game changer

Liimatainen singled out the new level of threat reporting enabled by Hoxhunt and, along with it, the ability for his team to monitor and manage risk. Raising cybersecurity awareness is a critical first step towards effective training, but it’s not the final step. Knowledge became power once employees were trained to instinctively hit the Hoxhunt reporting button on their email.

Equally important, those reported threats are immediately corralled and analyzed in an AI-powered sandbox environment, where the security team can take appropriate action based on enhanced threat insights and optimized incident response.

“When we have so many employees who are good at identifying and reporting suspicious emails, it means that we can also protect the ones who don’t recognize the phishing emails. We don’t have to be in a situation where everyone recognizes a phishing attack. We just need the one person who picks it up and reports it so we can take action that protects everyone else. If everyone is part of the human sensor network, then they can pick the threat up even if the heuristics haven’t picked it up.”

True risk: “People ask me, ‘How is your SOC team doing,’ and my answer is always: You don’t know what you don’t know.”

“Hoxhunt can give you some idea of what your risk of an email breach truly is from the high participation rates with the simulated threat emails, which are very realistic. Whatever the simulated fail rate is, you can be more certain that the fail rate is probably the same with the true cases.

If you take that angle, the most significant question when it comes to risk is: is there a phishing email in the system that nobody reported? If one person reported a threat, and that threat has been investigated and removed, then the risk of a breach is lower, and the risk is known. You know that those email boxes where the malicious email message is still, are potentially compromised. In Office 365 you can remove verified phishing email from all inboxes. If nobody reports a phishing email, I would say then there is a high chance that it ultimately gets some clicks. But if someone reports it, then at least you have a fighting chance.”

Fun and dynamic content optimizes engagement

The response to Hoxhunt has been overwhelmingly positive. Even those in senior management who had doubts about the phishing training have been enthusiastic about learning cybersecurity in such a fun and engaging way. And Liimatainen knows first-hand that Hoxhunt’s training content is challenging even for a cybersecurity professional. Liimatainen fell for a high-difficulty-level simulation himself, and he was happy to admit as much to his colleagues. It helped drive home the fact that cybersecurity is a topic of lifelong improvement for everyone.

“Overall, awareness is something that can bring value and will benefit the whole organization with the best rate of return on investment. Technical measures for protecting and monitoring company IP and data are important, but they do not always give you the benefit you’re seeking for the money. So, cybersecurity investment needs to be more directed to the things that really matter, and breaches at the human layer are the biggest risk. Building awareness raises the organization’s security posture the easiest way.”

Table of contents

Want to match these results?
Hoxhunt adaptive phishing training dramatically increases training engagement and security resilience.
Request a demo