All Collections
Reports
Behaviour reports
How to use CybSafe behaviour reporting
How to use CybSafe behaviour reporting

Manage your human cyber risk

Updated over a week ago

CybSafe behaviour reporting

CybSafe's behaviour reporting is a new way to manage human cyber risk. It works by analysing human cyber related data and articulating it in the context of security behaviours, which can be mapped to risk, and thus used to identify the likelihood of future risk, caused by people.

Our report is built upon SebDB, the world's most comprehensive cyber security behaviour database.

You can find out more information in the platform by visiting the associated science page.


Navigating to behaviour report

To access CybSafe's behaviours report, navigate to Reports > Behaviours > Overview.

Here you will find the overview report with recent behaviour changes at the top.

You will also see a snapshot of behaviour data for your organisation. You will be provided an overview of how many behaviours are being actively measured, what the coverage is, and how many users are being measured for behaviour scores.

Coverage is the percentage of users we see who are having their behaviours measured. A broad coverage of locations and types of users gives more accurate data.


Interpreting the scores

Our reports use industry averages to provide scores on two key aspects of behaviour.

Security behaviour score:

This is how well your users are performing in the behaviours you are measuring

CybSafe’s behaviour engine provides a security behaviour score. This shows the extent to which people engage in security behaviours. The security behaviour score is ranked from 0 through 100, 0 being the worst score and 100 being the perfect score.

The security behaviour score is directly tied to cyber risk. As a result of the SebDB open source research project, CybSafe can say that a score is good because the behaviours in question are having a direct impact on the risk-related outcomes.

To take a simple example, a score of 100 for using strong passwords significantly reduces the risk of account compromise.

This addresses a core challenge when it comes to measuring the human aspect of cyber security, i.e. how can we say that improvement in behaviour metrics correlates to a reduction in risk.

Scoring guide:

  • 80 and higher: Excellent

  • Between 50 and 70: Good

  • 40 and lower: Poor


Risk-related outcome score:

This is the likelihood of a risk-related outcome occurring based on the measurements we see.

CybSafe’s behaviour engine provides a risk-related outcome score. This shows the likelihood of a risk-related outcome occurring, such as account compromise. The risk-related outcome score rates from 0 through 100, 0 being the best score and 100 being the worst score.

This spider diagram shows where your risk sits. It also shows the likelihood of a risk-related outcome occurring. You can navigate further into the risk-related outcomes and find out more information.

Scoring guide:

  • 60 and higher: Poor

  • Between 30 and 50: Good

  • 20 and lower: Excellent


Interpreting behaviour data

Behaviours comparison

Below the overview, you will find Behaviour comparison.

This is a list of behaviour’s you are measuring and their associated security behaviour score.

You can filter the behaviours in the top right drop down box. You can filter by categories of behaviours, such as data handling, email phishing, MFA use, or secure browsing.


Individual behaviour overviews

Clicking on any of the behaviours shown in the list above will take you to a report for that behaviour and your organisations score for it.

Initially you will see at the top if the page the coverage and Security behaviour score for that behaviour.

Further down you will see options to assign a learning module, goal, and a nudge based on that behaviour to your users. If you want coverage or the score for a behaviour to improve, these are excellent, personalised ways of doing so.

You'll also see our recommendations for improving a behaviour score, as well as the Insights into how likely a behaviour is to change or influence other behaviours.

Finally you'll see further reading on the specific behaviour, with links to external websites and sources.

Moving to the Analytics tab, you will find breakdowns of how the data for how data for this behaviour is coming to CybSafe, which this article will cover in more detail further down.

Scores over time can be analysed as well, with an adjustable date filter. You can compare this against an industry benchmark to see how your organisation is doing.

The final tab, Activity Log, will show you a breakdown of what events have contributed to the overall score along with the user who had the event, the source of it and whether it contributed positively or negatively to the score.


Risk-related outcomes

You can select a risk-related outcome from the spider diagram, on the overview page, to dive into more detail. Within this screen, you can understand your risk over time. The lower it goes, the better. You can also see top contributors to risk, by group, and if needed, by user.

You can also see all the behaviours that tie to this specific risk-related outcome.


Where does behaviour reporting data come from?

  • CybSafe platform features: Data from the CybSafe platform automatically feeds into Behaviour scores, like phishing results and passphrase use.

  • Integrations: Cloud-based systems, SIEM tools, and even collaboration tools like Slack and MS Teams can be connected to behaviour scores. Find out what's available on our Integrations page.

  • Self reporting: People can self-report with our Goals function. Goals are sent to your people so they can review their engagement with security behaviours. They can be found on the CybSafe platform, or delivered via Slack and MS Teams. Self-reporting has its limitations, but can be useful for filling gaps where other tools are not available.


Still have questions?

If you still have questions, you can contact the CybSafe team via support@cybsafe.com. We’re on hand to help resolve any further issues!

Did this answer your question?