case study

Moss credits Hoxhunt with measurable human cyber-risk reduction

About

Thousands of businesses rely on Moss, the leading corporate card and spend management solution. Seamlessly integrating into your existing systems, Moss saves you time and money and gives you control.

Industry: Financial technology

Headquarters: Berlin

Employees: Over 300

Challenge

Even with phishing attacks the top cyber-risk in the fintech industry, Moss found legacy Security Awareness Training (SAT) tools were overly manual, too punitive, and failed to measurably reduce risk and improve cybersecurity behavior.

Solution

The Hoxhunt Human Cyber-Risk Management platform satisfied GDPR and compliance standards, while delivering measurable security behavior change. The overall cyber-risk reduction and employee satisfaction exceeded SAT tool capabilities and the security team’s expectations.


Key results:

●      Engagement: 92% total. 65% increase from baseline in one year.

●      Activity rate: 83%. Up 50% over one year.

●      Success rate: 60%. Up 13% over one year.

●      Failure rate: 5%. 36% improvement over one year.

●      Miss rate: 35%

●      Resilience ratio (success/failure): 12

“Hoxhunt is an excellent tool. Our people are more and more looking at every email, even the real email attacks, and really trying to see whether each email is suspicious so they can report it to Hoxhunt. People are becoming more aware of why cybersecurity is important.”

– Priyanka Nagesh, Security Expert

Achieving compliance, and affecting behavior change

As a leading fintech company in its category, Moss has many customers within its partner ecosystem who depend on it to stay secure, protect sensitive data, and maintain operations. With software supply chain and human-targeted attacks being the top cyber-risks cited by publications like the Verizon Data Breach Investigations Report, Moss decided to move beyond the legacy SAT model and adopt the Hoxhunt security behavior change program and its human risk management platform.

As a nimble, multicultural startup, Moss chose Hoxhunt as a solution because it offers:

●      AI-enabled automation

●      Ease of use for users and admins

●      High-quality, frequent phishing simulations

●      Customized learning journeys that automatically adapt to user skill and background over time

●      Reward-based, positive learning experience

●      Multiple languages

●      GDPR and compliance standards

Hoxhunt pays off

Moss are industry leaders in providing credit cards to small businesses, so they know when to give credit where credit is due. Within a few months, the Hoxhunt CXO dashboard reports showed the security team that their employees were engaged and learning at a higher level. 92% of the company is onboarded into the Hoxhunt program, and 83% are actively participating in the security behavior change and awareness-building program.

As their success rate (phishing simulations correctly reported via the Hoxhunt button) rose by 13% to 60%, the failure rate declined by 36% to 5%. More employees were engaged and actively reporting simulated phishing attacks while far fewer were failing them, even though the simulations are designed to get harder over time to challenge users in their optimal zone of learning.

Their resilience ratio—the successful simulation reporting rate divided by the phishing simulation failure rate—is a highly respectable 12 (60% / 5%). This is a picture of risk reduction in a security behavior change program.

Learning pays off

Engaged users mean more cyber-skillful employees. Hoxhunt automatically triggers microtrainings after each possible outcome of a phishing simulation: a success, a miss, and a failure. These learnings cover broad cybersecurity topics, not just phishing, and Moss has opted for a training package that is specific to their needs.

This all-carrot-no-stick approach is grounded in established behavioral science research, and is fundamental to the Hoxhunt training experience. It translates to rewarding the good behavior and coaching away the bad behavior.

Training on success and failure: 79% of employees complete microtraining after a success. 7% of employees complete microtraining after a miss.

What do you notice with the following microtraining activity breakdown? (Note: These numbers don’t add up to 100 because they represent activity in each category of microtrainings completed; not percentage of total employees who’ve completed microtrainings.)

●      79% of employees complete microtraining after a success

●      7% of employees complete microtraining after a miss

●      51% of employees complete microtraining after a failed phishing simulation

Rewarding success pays off! About 4 out of 5 employees who successfully report a phishing simulation will then engage in a security microtraining moment. Traditional SAT tools only trigger contextual learning (usually punishment-based and negative) on failure, and neglect everyone else. This not only turns people off from cybersecurity, but it also radically reduces the number of learning and skills-building opportunities in the program.

“With regards to the training that we have for phishing, Hoxhunt is very effective and we are seeing a good amount of people who like using it.”
– Priyanka Nagesh, Security Expert

“Hoxhunt raises awareness through the whole company and is incredibly easy for admins and for employees to use.”
– Soledad Angley, TechOps Lead
