Select Page

If you want to change security behavior, stop thinking like a security professional, start thinking like an entrepreneur.

CYBSAFE-SebDB Webinar-preblog-221011MS-36

14 October 2020

In 1998, Evan Goldberg revolutionised an industry. This is what we can learn from his story.


It was 1998.

Evan Goldberg was the owner of a one failed start-up and another that was yet to make a single sale. Still, as he worked on his new venture – from an office above a hair salon – Goldberg was resolute. 

His new venture? A cloud-based platform that gave accountants a single version of the truth.

No more working in isolation. No more struggling to prove the value of their work. No more guesswork.

Not very exciting unless you’re an accountant! But, it solved a major problem. So Goldberg kept his head down and worked. Eventually, it grew to the NetSuite we know today. A cloud system for managing enterprise resource planning.


The importance of information

Information is processed data, presented in a way to make it meaningful and useful.

Goldberg understood this. Before he created “NetSuite”, accountants rarely knew for sure where their figures sat within wider business context. As a result, they did much of their work based on what felt right.

In 2020, security awareness professionals face a similar challenge managing human cyber risk. 

We know people are linked to security incidents. But measuring the impact of individual behaviors, or the associated risk, is hard.

As a result, many security behavior change programmes are run the same way accountancy was 20 years ago.

Data belonging to different departments is fragmented. Details are recorded on clunky, self-made dashboards. Decisions are made because they feel like the right thing to do. 

Often, little information exists to show whether efforts are changing behavior. Or better yet, reducing risk at all.

It’s not failing on any one person’s part. Security professionals have simply never had a reliable way of measuring human cyber risk.

Like accountants pre-NetSuite, we’re aware of the measurement problem. And we have cumbersome workarounds. But we could all do with something more accurate. 



At CybSafe we want to help. We want to reduce the number of security incidents caused by people. We want to make it easy to show compliance and reduce risk at the same time.

As part of that, we’ve launched Behavior-IQ – a risk management and analytics tool that helps to measure and track security behaviors.

Behavior-IQ measures and tracks over 70 security behaviors. It then shows how much each behavior affects cyber risk.

Behavior-IQ uses data from the CybSafe platform and from your existing IT or security tech stack. It also connects your systems with SebDB – the world’s most comprehensive security behavior database.

Behavior-IQ was built to contextualise performance using industry benchmarks. To prioritise behaviors to change. And to give detailed recommendations to reduce associated risk.


Information means focus

In 1998, Evan Goldberg’s NetSuite solved a specific problem. It decentralised operations data. It made it simple to see where professionals should focus their time and efforts. In doing so, it changed how businesses operate forever.

22 years on, we believe Behavior-IQ is the security equivalent. An information portal that makes it easy to see where to focus time, effort and resources.

It’s a human cyber risk management tool designed for security awareness professionals and security leaders responsible for their organization’s people-related security controls. It’s in its first stages of release and we’d like your help to refine it.

If you’re a CybSafe customer, you can sign up for an early access trial via the in-app notification:

If you’d like to see how Behavior-IQ could benefit your organisation, get in touch with us:

Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like