Tech Nation’s cyber security cohort: CybSafe’s company profile

Information Age has partnered with Tech Nation to help explore 20 of the UK’s leading cyber security scaleups.

Tech Nation Cyber is the UK’s first national scaleup programme for the cyber security sector. It is aimed at ambitious tech companies ready for growth.

In a series of 20 company profiles, we will be introducing you to the cyber security scaleups that make up Tech Nation’s first cyber cohort.

20. CybSafe

All answers provided by Oz Alashe, CEO and founder at CybSafe.

What does your company do?

Cyber risks are not going to be solved by technology alone; the human side of the equation matters.

CybSafe is the world’s first intelligent cyber security awareness, behaviour and culture platform that provides reliable metrics and data driven insights to help organisations effectively monitor and improve cyber risk.

Underpinned by a powerful combination of artificial intelligence and behavioural science, the cloud-based platform is ideal for organisations at all levels of cyber maturity that want to positively influence and measure the cyber awareness, behaviour and culture of staff.

CybSafe brings an end to ‘tick-box’ awareness.

How do you differentiate to your competitors?

CybSafe’s cloud-based SaaS platform takes a radical, innovative and disruptive approach within the cyber security market focused on human cyber risk. While many products claim to improve cyber security behaviours, in reality, most have little to no effect on users — other than maybe on their ability to spot phishing simulations. If there is an impact, it’s impossible to measure. CybSafe’s novel approach means that this is no longer the case. CybSafe is the world’s first truly intelligent cyber security Awareness, Behaviour and Culture solution that demonstrably reduces human cyber risk.

CybSafe is an intelligent, personalised series of security awareness, behaviour and culture interventions that includes just-in-time virtual cyber assistance, scientifically proven behaviour change and nudge techniques, and deep risk insight through data and metrics.

CybSafe’s first differentiator is its comprehensive analytical engine: the cyber risk of employees and the effectiveness of cyber security awareness programmes have historically been hard to measure. But with CybSafe, customers always have the information they need to make better decisions about cyber risk. By providing metrics and insights on awareness, behaviour, and culture, customers have much greater visibility and control. Customers can observe how people’s knowledge and behaviours are changing, why and where their organisation could be compromised, and how people really feel about security. The dashboards make it easy to track impact and progress, areas for improvement, and return on investment, and presents information in a way that anyone in the business can understand.

Another differentiator for CybSafe is the element of artificial intelligence: CybSafe’s GCHQ and IISP accredited programme evolves through the application of the machine learning and user learning preferences so that it becomes much more effective and increasingly personalised to the individual over time. Maximising engagement, users get support at the right time, in the right way, and in a way much more likely to influence behaviour.

All of this is underpinned by behavioural science: CybSafe knows what works and what doesn’t when it comes to behaviour change. CybSafe is one of the few organisations of its kind with a dedicated behavioural science team focused on research and analysis. The company takes the insights and best practices from academia and uses these to inform the design and performance of its platform.

10 cyber security trends to look out for in 2019

What cyber security trends and issues can the world expect in 2018: more stringent regulation, creations of new roles? Read here

What are the common challenges in the cyber security space?

A lot of the challenges in the cyber security space right now are organisational.

Take communication, for example. At the moment, it’s currently very difficult for security professionals to communicate risk to other key stakeholders in their business. In large part, this is because of how challenging it is to quantify and measure cyber exposures. Unlike other operational risks, data surrounding cyber is limited. This is especially true of human cyber risk.

Another example is budgets: despite the growing financial risk that cyber presents, information security teams often work on very limited budgets. Teams often don’t have the resources to cover all aspects of their security environment adequately, and areas such as human cyber security sometimes get left behind.

What are the biggest mistakes a company can make regarding security?

I would pick on a couple of points here:

1. Not effectively tackling human cyber risk.

Up to 90% of all data breaches are the result of human error, and so the human element is not something any organisation can easily brush aside.

Many organisations don’t do anything at all about human cyber security at all. CybSafe’s own ‘Securing The Supply Chain‘ study earlier this year found that only about half of UK organisations engage in any sort of cyber security training and awareness programme. Of those that do run security awareness programmes, most aren’t seeing any benefit. This is because traditional cyber security awareness programmes — which are boring, non–contextualised, and un-engaging — simply do not work.

2. Not paying enough attention to supply chain security. On the whole, a majority of criminals don’t tend to target the prosperous and well-defended. They attack the unprepared.

This means that, especially for large enterprise, the chink in their security strategy is usually found, not in their own robust networks, but in the smaller suppliers they do business with – or even a supplier of a supplier.

Cyber security training: Is it lacking in the enterprise?

As part of Information Age’s Cyber Security Month, we are looking at the importance of cyber security training and education in the enterprise. Read here

Provide your best practice advice/top tip for effective cyber security?

Are phishing simulations making your people more secure? Is your security education programme working? Where are your human security vulnerabilities and why do these exist?

Data is powerful and vital in terms of informing decisions. Human cyber security is no exception, and keeping a close eye on the data you have available is key. Without data, there’s simply no way to reliably track impact, and there’s no way to know whether you’re adopting the right strategy.

What’s next?

CybSafe is growing — and fast. The company launched to market in July 2017 and we’ve now attracted hundreds of customers and over 120,000 users. In terms of what’s next for the business, it’s all about growing, and continuing to improve and invest in our innovative platform.

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Risk
Tech Nation