The first and deepest industry-wide study of human behaviors and attitudes related to enterprise security.
NEW YORK, NY – July 19, 2024 – OutThink, the world leader in Cybersecurity Human Risk Management solutions, today announced the release of research results from its first annual CHRM data study. Run by OutThink Research Labs, this study analyzes 100 million datapoints across four million learners in the OutThink platform worldwide. It is the deepest dive in the HRM industry thus far into behavioral data as it relates to the security practices and attitudes of enterprise personnel.
The datapoints are collected in the course of OutThink’s unique brand of adaptive security awareness training, which pivots traditional training into a company-wide introspection exercise. Learners are asked about possible points of friction from each trained security practice, as well as their level of confidence and intention to implement said practice. These questions, along with other survey elements built into the training, provide a rich psychographic record and segmentation across the organization.
According to OutThink’s implementation of the Behavioral Segmentation Grid, just over 24% of the population are Security Champions. This psychographic segment is important for security leaders to identify as an augmentation of any kind of behavior change program. Almost 80% of the worker population has high intentions of complying with secure behaviors. Yet, a significant proportion of this population is not well informed and don’t comply. “You can’t treat everyone the same way,” quipped Marius Olivier, the head of Cybersecurity HRM at Emirates Group.
The report also highlights the wide distribution of security engagement scores across the employee population. Engagement is a fleeting concept in awareness training, and hence important for awareness leaders to measure. Though most of the industry has become resigned to low engagement, the OutThink learner base stretches that metric towards the top end of the scale.
Lastly, the data contains a great deal of analysis of business alignment of security. The extent to which secure behaviors cause friction with daily business processes. It turns out almost 40% of corporate employees experience a high degree of security friction. According to Ash Hunt, the CISO of Apex Group, “Build security organically into business process, or it becomes death by a thousand cuts.” The data in this report certainly bear this out. “This research shows that most people are trying to comply with secure practices, but a significant minority also see secure practices as a drag on their daily work,” said Donnacha Kirk, OutThink’s Head of Data Science and one of the report’s authors. “As this is our first iteration, we plan to dig even deeper in this data as we issue more research. The real value though, is running this for companies internally to identify their own hotspots of human security risk.”
The report itself can be downloaded in the Research Labs section of OutThink’s website, here.