How Integrations Work with Human Risk Management


Forrester’s reclassification from “Security Awareness & Training (SA&T)” to “Human Risk Management (HRM)” marks a tectonic shift in cybersecurity’s landscape. This new paradigm prioritizes risk quantification through the prism of human behavior over traditional metrics like quiz scores.

Key to this transformation are two pivotal changes:

  1. We’re discarding the outdated reliance on quiz-based risk assessments. Instead, we’re embracing a more sophisticated approach that evaluates human risk through observed behaviors within the Security Tech Stack.

  2. We’re moving beyond rudimentary metrics. The focus now is on nuanced, behavior-based metrics that offer a deeper, more accurate measure of risk.

This evolution goes beyond simply replacing quizzes with behavior tracking; it necessitates a seamless integration of HRM platforms with our current Security Tech Stack. It’s akin to upgrading from a basic weather vane to a meteorological station; where once we relied on rudimentary signals, we now seek comprehensive data that inform our cybersecurity strategies.

In essence, HRM’s role is to harness the Security Tech Stack to capture actionable intelligence, providing a multidimensional view of human risk that informs more targeted and effective interventions. But how do these integrations work within HRM?

Evolution of Integrations and Connected-ness in Cybersecurity

Cybersecurity’s integration reflects our response to complex threats. We’ve moved from early isolated systems to an integrated defense where systems share intelligence, enhancing our collective cyber resilience.

This shift leads to Extended Detection and Response (XDR), utilizing shared intelligence across platforms for stronger defense.

Gartner’s Cybersecurity Mesh Architecture (CSMA) further evolves this, offering a flexible, personalized security approach. It underscores the need to embed Human Risk Management within our cybersecurity matrix, acknowledging that effective defense strategies must adapt to human vulnerabilities.

Human Risk Management and the Connected-ness Concept

The way we at Right-Hand see it, the traditional lens for viewing human risk has often been one-dimensional, operating under the assumption that all individuals are equally prone to error and thus require the same level and frequency of training. This resulted in a flat-risk management approach, typically characterized by annual training sessions and phishing campaigns.

Our North Star has always been delivering behavior change and risk reduction, which would lead naturally to compliance, and not the other way around.

To address this, a nuanced understanding is essential:

  1. Understanding the Threat Vectors: Identifying the specific threats that an organization faces.

  2. Understanding the Individual’s Position Relative to Those Vectors: Recognizing where each person stands in relation to these threats, acknowledging that behavioral variations significantly impact risk levels.

So, how do we acquire this vital information? Through integrations.

Our Human Risk Management Program gathers contextual data about the individuals whose risk it seeks to mitigate. Predominantly, risks emerge from two main vectors:

  • Email: The most frequent point of interaction for most employees.
  • Web: Another critical touchpoint, with behavior related to web use constituting a significant breach risk.

For us here at Right-Hand, Human Risk Management is not a peripheral consideration but a central, integrated component of a holistic cybersecurity strategy, treating email and web interactions as the front line in the defense against cyber threats.

How We Apply Integrations to HRM

What Right-Hand’s Human Risk Management platform does, is we integrate with an organization’s SIEM, EDR, Email Security, DLP, and other security solutions they already rely upon on a daily basis, to give our clients visibility into which employees are most breach-prone based on the alerts they generate, trends, and risk appetite, at the individual, department and user group level.

With the more data that we ingest, and the more trends we are able to observe, we will soon be able to predict and prevent employee-caused security incidents before they even occur.

First, users receive real-time training nudges via Slack, MS Teams or email the moment they exhibit a risky behavior (such as violating a DLP policy or visiting a malicious web page).  So now, user training is relevant to more effectively change behavior, delivered in real-time, and no longer only checking compliance boxes.

Second, is that we’ve seen a direct correlation between the volume of real-time training nudges delivered, to a reduction in security alerts to the SOC over time.  This is the power of actually changing employee behavior.  Fewer employee mistakes made, equates to fewer alerts triaged. 

Third, is the power of all this data, and how our clients can use it to their advantage.  By understanding the full scope of all user-generated security alerts and which behaviors are more easily, or less easily influenced with training, security teams know where to invest into their security program, which controls and configurations need to be tightened, and where their remaining security gaps are.


There’s no HRM project that doesn’t include integrations. The move from traditional SA&T is made possible by connecting legacy Security Awareness teams with SOC teams. The integration with the Security Tech Stack delivers true behavior change among users, reducing risk and alerts, while returning robust and actionable metrics that drive insights and action items.   

If you’d like to know more about how our HRM platform delivers benefits across the board in your organization by leveraging and boosting your Security Tech Stack, talk to us today!

Rodrigo Leme

Rodrigo Leme

Marketing Director for Right-Hand Cybersecurity, Rodrigo has over 20 years worth of experience in Technology companies in Brazil, US, Canada and other countries. He is based in Sao Paulo, Brazil, and loves everything tech, music, marketing, writing, and hockey (go Canucks!).

More collection from our blogs

Ally is engaging, different, flexible, automated, device agnostic and aligns with our goals to be a cutting edge bank that both finds ways to accommodate and empower our people.

See for yourself how to upgrade your security awareness

Schedule a demo today, and learn how to raise engagement, performance and reduce operational stress with our platform.