Skip to main content

Explainer: New Behavior reports

Ben Chadfield avatar
Written by Ben Chadfield
Updated today

The updated Behavior reports provide a clearer way to understand and track security behaviors across your organization. Rather than focusing on abstract scores and coverage metrics, these reports highlight actual behavior events, making it easier to identify risks and measure the impact of your security awareness initiatives.

How to access

Navigate to the reports section in your CybSafe dashboard and select "Behavior" from the navigation menu. The reports are organized into six main sections:

  • Overview

  • Behaviors

  • Data sources

  • Groups

  • People

  • Activity log

Understanding the reports

Overview page

The overview page provides a high-level summary of your organization's security behavior activity:

  • Key metrics: View total events, positive/negative event counts, number of behaviors being tracked, data sources connected, and people being measured.

  • Event trends: Track behavior events over time with an interactive chart that can be filtered by date range.

  • Data source distribution: See which integrations and systems are contributing behavior data.

  • Event type breakdown: Understand the proportion of positive vs. negative events.

  • Group performance: Compare behavior events across different teams.

Behaviors page

The behaviors page helps you identify which security behaviors need attention:

  • Behavior table: Lists all behaviors being tracked in your organization.

  • Event metrics: Shows positive and negative event counts for each behavior.

  • Filtering options: Filter by behavior categories, NIST/MITRE frameworks, or impact type.

  • Sorting: Sort behaviors by event counts to prioritize areas of concern.

Behavior detail page

Clicking on any behavior takes you to a detailed view showing:

  • Event metrics: Total events, positive and negative counts for the selected behavior.

  • Contributing data sources: See which systems are tracking this specific behavior.

  • Event breakdown by group: Analyze how different teams are performing with this behavior.

  • Activity log: Review specific behavior events with detailed user information.

Data sources page

This page shows which systems are contributing behavior data:

  • Integration performance: See which data sources are most active.

  • Behavior coverage: Understand which behaviors each source monitors.

  • Event details: View the specific events captured by each integration.

Groups page

Compare behavior metrics across different teams:

  • Group comparison: See which groups have the highest rates of negative events.

  • Behavior breakdown: View which behaviors are most problematic for each group.

  • Trending data: Track group performance over time.

People page

Track individual user behavior:

  • User activity: See behavior events for specific individuals.

  • Risk identification: Quickly identify users with high rates of negative events.

  • Behavior patterns: Understand which behaviors specific users struggle with.

Activity log

A comprehensive record of all behavior events:

  • Advanced filtering: Filter by date, event type, behavior, user, or group.

  • Exportable data: Download as CSV or PDF for further analysis.

  • Chronological view: See the sequence of behavior events across your organization.

How to use the reports

Identifying priority behaviors

  1. Go to the behaviors page.

  2. Sort by "negative events" (highest to lowest).

  3. Focus on behaviors with the highest negative event counts.

  4. Click on these behaviors to see detailed information.

  5. Use this data to prioritize which behaviors need immediate attention.

Tracking improvement over time

  1. Select the appropriate date range filter (e.g., this year, last 30 days).

  2. Use the trend charts to visualize changes in positive/negative events.

  3. Compare event patterns before and after implementing security initiatives.

  4. Monitor specific behaviors targeted by your awareness campaigns.

Identifying high-risk users

  1. Go to the people page.

  2. Sort by negative event count.

  3. Click on specific users to view their detailed behavior history.

  4. Use this information to deliver targeted interventions.

Evaluating data source effectiveness

  1. Visit the data sources page.

  2. Review which integrations are providing the most valuable data.

  3. Identify gaps in behavior coverage.

  4. Consider enabling additional integrations for more comprehensive monitoring.

Best practices

  • Regular review: Schedule weekly or monthly reviews of the Behavior reports.

  • Focus on trends: Pay attention to trends rather than individual events.

  • Combine with other data: Use behavior insights alongside learning and phishing reports for a complete picture.

  • Share reports: Use the export features to share insights with stakeholders.

  • Target interventions: Use the data to deliver focused training and nudges to specific groups or individuals.

  • Measure impact: After implementing behavior change initiatives, use these reports to measure their effectiveness.

FAQ

What's the difference between positive and negative events?

Positive events represent secure behaviors (like using a password manager), while negative events represent potential vulnerabilities or risky behaviors (like using a weak password).

How is this different from the previous Behavior reports?

The new reports show you the actual activity rather than calculated scores and coverage percentages.

Old approach: A behavior might show a score of 40 with "low coverage," leaving you wondering whether this was a priority.

New approach: The same behavior shows "1,552 negative events, 200 positive events" making it immediately clear that this is a significant issue affecting your organization.

This shift from abstract metrics to concrete events helps you:

  • Quickly identify which behaviors pose the greatest risk.

  • Understand the true scale of security issues.

  • Make data-driven decisions without interpreting complex scoring systems.

  • Communicate risk more effectively to stakeholders using real numbers.

How do I know which behaviors to prioritize?

Focus on behaviors with high numbers of negative events, particularly those that align with your organization's security priorities or compliance requirements.

Can I see historical data in these reports?

Yes, you can adjust the date range filters to view behavior trends over different time periods.

How can I share these insights with my security team or leadership?

Use the PDF export feature to create shareable reports, or export the data to CSV for further analysis.

Related Articles
How to use CybSafe behaviour reporting
CSV security behavior event upload
Explainer: Nudges & alerts reports
How to use the new Phishing reports
How to use the new Learning reports
Did this answer your question?