How AES Fueled Security Vigilance and Measurably Lowered The Human Factor in Cyber-Risks

Contributed by Hoxhunt

Where did the winding 5-year journey to human risk reduction take CISO Ryan Boulais and Fortune 500 energy company The AES Corporation?

🚀 Like all great #securitybehaviorchange and #humanriskmanagement journeys, this one started with legacy awareness training tools. But the journey led to Hoxhunt, and a:

📈 2,533% improvement in resilience ratio (#phishing simulation reporting rate divided by the failure rate)
📈 500% improvement in training engagement
📈 79% reduction in the failure rate
📈 Massive upswell in real threats detected and reported
📈 Reduction in resources needed to analyze threats and escalate incidents

1) The AES security team tried to improve security culture with three of the biggest SAT tools on the market for five years. But SAT engagement actually fell over time to 10%.
2) That led to Hoxhunt. Recognizing that the traditional awareness model was flawed, AES launched an innovative security behavior change and human risk management program, leveraging the capabilities of Hoxhunt.
3) And that led to results. Read how they did it. This is an incredible success story given its time and scope.

“…With phishing simulation engagement rates reaching above 60 percent and failure rates dropping below 2 percent, Hoxhunt has helped us push our resilience into new territory, with our resilience ratio jumping by over 2,500 percent in just a few months. Hoxhunt has helped us surpass anything our legacy SAT tools could deliver.” — Ryan Boulais, VP & Chief Information Security Officer

The resilience ratio score of 38 is astonishing given the industry, size, and scope of AES. Similar companies will strive for scores of 10-15, and typically top out at 20. The resilience ratio is calculated by dividing the engagement rate by the failure rate, yielding a more accurate metric for risk than either engagement or failure alone.

“We focus on engagement. We aren’t beholden to click rate. Previously, we’d had a click rate of 7% with our awareness training solution, but we had a low reporting rate of only 10%. No matter what awareness tool we tried, engagement remained stagnant. We needed a new model to gain better visibility into our human risk and manage that risk, and Hoxhunt enabled that. Now we have a reporting rate of 70% and a click rate of like 2%. We’ve measurably reduced risk and improved security culture in a way that aligns with our cultural values, and people seem to really like it.” — David Badanes, Director of Cybersecurity Strategic Initiatives, AE


About Hoxhunt

Hoxhunt is a human risk management platform that goes beyond security awareness to drive behavior change and measurably lower risk. We combine AI and behavioral science to create individualized micro-training experiences people love. Employees learn to detect and report advanced phishing attacks. Operations teams respond fast with limited resources. And security leaders gain outcome-driven metrics to document reduced cybersecurity risk.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.

To learn more, visit https://www.hoxhunt.com/