
The Human Risk Management Playbook
Practical steps to inspire security in your organization and reduce human risk.

Cybersecurity is often seen as a problem that can be solved with technology, despite 90% of breaches being attributed to human error.

We can help.

You have all the technology in the world (enterprises average 75 different cybersecurity tools), but that doesn’t address human error. Isn’t it time to solve the problem instead of being frustrated that employees still click on phishing links?

Top 6 challenges we hear from enterprises

1 Lack of Focus
How did completing security awareness training become the goal? Sure, checking boxes feels good, but it doesn’t change behavior.

2 Using a Single Stimulus
Phishing simulations are important, but campaigns that use a variety of methods keep topics fresh and make sure employees are ready for the range of cybercriminal tactics they’ll face.

3 One and Done Training
Threats are constant; your awareness training should be viewed as a goal for continuous improvement. Get real-time metrics and status of who needs some help, and in what categories of risk they need it.

4 Lack of C-suite Support
If IT leadership is the only one saying this is important, then the security culture suffers by taking a back seat. For real change to happen, get your senior leadership on board.

5 Failure to Reward Success
Employees can be our strongest security asset when we celebrate the behavior we want to see. Reward them for spotting and reporting threats and recognize them as champions in your organization!

6 “Boring Training”
Your content should be engaging, gamified to stir the competitive spirit, and no more goofy cartoons or cheesy Captain Phish-fins – you need professional content in a comprehensive campaign.

Over 150 enterprise customers chose to make the move to Living Security because we get it.

We were founded on the principle that cybersecurity training isn’t the goal, improving cybersecurity is.
Our Human Risk Management platform helps decision makers identify gaps
and strengths across your enterprise and provides real-time training
intervention to help strengthen your security posture, change behavior, and
change your security culture. Solve for cybersecurity, don’t just check the
box for training.

Playbook Use Case: Phishing Remediation
Problem: No meaningful and measurable way to educate our riskiest employees.

Have you trained your employees to look out for phishing but hundreds of them still click on simulations?

Evaluate your tactics

Carrot vs Stick – remove stigma of the clicker

Create a repeatable remediation program

Use CyberEscape Online to Solve for Phishing

Help Users Learn & Have Fun Doing It

Gamify Learning – reward the teams that escape the room fastest.

Get Specific – CyberEscape Online teaches them how to craft a phish like a bad guy.

Increase Retention – experiential learning is 16x more effective.

Develop Trust with the Security Team – promote engagement and create bridges between groups.

Support the learning objectives with ongoing training

Sample program
6 minutes total

Week 1: Phishing 101 module
Week 2: Themed Phishing module
Week 3: Vendor Email Compromise module
Week 4: Spear Phishing module

Impact Value:

A Fortune 50 client put it to the test:
Employees that went through CyberEscape Rooms vs General employees

45% lower click rate on phishing simulations by the CyberEscape Room group.

Playbook Use Case: New Hire Training
Problem: How do you create a relationship with new employees?

Show new hires how your organization values and prioritizes security.

Important AND fun!

Ideal Outcomes:
✓ Long term relationship with employees
✓ They get a 30 min session to understand the company’s security culture
✓ Get a baseline understanding of their security knowledge to identify opportunities or risks
✓ Lead with fun; first experience with security will be full of smiles

Use CyberEscape Online to Get New Hires Started Right

Welcome New Hires with a mandatory training that gets them ramped up quickly

Build Trust – provide a warm welcome from the Security Team.

Team Building – a safe place to meet and have fun with other new hires.

Set a New Expectation – that Security Training will be the most fun!

Gamify Learning – reward the winning team with a company hoodie!

Follow-up for Success!

30 days post event

1 Promote the next Escape Room (multiple story lines to choose from)
2 Use surveys to determine retention metrics
3 Strengthen internal NPS

Impact Value:

A Fortune 50 client put it to the test:
Employees that went through CyberEscape Rooms vs General employees

45% lower click rate on phishing simulations by the CyberEscape Room group.

Playbook Use Case: Role-based Trainings
Problem: One size does not fit all. Provide your employees with content targeting threats specific to their role.

Ideal Outcomes:
✓ Employees understand why security is important to their respective roles
✓ It speaks their language in terms they will understand and can visualize
✓ Reinforcement with ongoing training that is short, consumable, repeatable

Customize Your Program with Role-based Trainings

RECOMMENDATIONS FOR SUCCESS:

Identify which roles to start with, either based on Living Security Analytics, Privileged Users, or groups you have already identified.

Select the most important topics for that role to start with. Start with the “Why Security Matters…” for that role.

1 Use the “Why it matters” Living Security modules supported by a message in their Slack group.

2 Reach out to leadership of that group to get their buy-in before kick off.

3 Ask to join their next meeting to explain the goals and the program. Identify your champions.

4 Incentivize competition:
• Time-based team events like CyberEscape Rooms
• Move up the leaderboard by scoring points in training modules
• Reward the top 5 with prizes each month

5 Keep security top of mind with Living Security’s “Campaign in a box”. Every month gives you fresh, easy-to-execute, topical campaigns that will resonate with these roles and build excitement for the program.

Executive Bundle
• Why Executives are Targeted
• Executive Threat Insight
• Executive Privacy
• Executive Travel Secure
• Whaling

HR Bundle
• The Squad Series
• Day in the Life - HR
• Data Classification
• Privileged User
• Business Email Compromise
• Working From Home

Finance Bundle
• The Squad Series
• Day in the Life - Finance
• Vendor Email Compromise
• Advanced Financial Social Engineering 
• Insider Threat
• PII/PCI 
• Synthetic Identity Theft

Exec/Admin Assistant Bundle
• The Squad Series
• Themed Phishing
• Password Reuse
• Staying Safe Online
• Cloud Security
• Smishing

Customer Support
• Customer Support "why"
• Vishing
• PII
• Advanced Financial Social Engineering
• PCI

Impact Value:

Get the right people trained up on the right topics!

Playbook Use Case: Annual Training
Problem: Lengthy, compliance-focused training once a year doesn’t lead to retention (and is usually boring).

Ideal Outcomes:
✓ Consistent, relevant and fun training experience
✓ Engagement -> Retention -> Lasting behavior change -> Strengthened Security Posture
✓ Engaging and immersive learning content that sticks
✓ Measurable impact - “My program is working, here is the data to prove it!”

Go Beyond One-time Annual Training

How to Evaluate your Current Program

Identify what’s working with your program today.

• Survey and meet with employees to get feedback
• Common complaints - too long, not relevant, childish cartoons, repeat of last year

Keys to Success:

1 Build off what’s working.
2 Cut what’s not. Bad training is worse than no training.
3 Measure, evaluate, iterate.

Think big:
What would my program look like if I had a magic wand?

Tips/recommendations:
• Shorten your yearly program time investment.
• Break it up into quarterly or down to monthly
sessions.
• Incentivize it, go beyond “it’s mandatory”.
Provide ongoing learning to increase retention.

How to:
Grow your program with your Living Security CSM to:

1 Align with your company’s core values
2 Stay up to date with the latest content and program support
3 Meet audit and compliance requirements
4 Measure efficacy, adjust and iterate.

Sample plan:
Annual – quarterly – monthly
(with 5 minutes/month)

Compliance modules
(GDPR, PII, CCPA, PHI,
Data Privacy, more)

Impact Value:

Win over your colleagues and executives while checking the box for compliance!
