Security Awareness Training

    Mimecast Recognized in Forrester’s First-Ever Human Risk Management Solutions Landscape

    New Forrester report provides guidance as security awareness training evolves into human risk management

    by Masha Sedova

    Key Points

    • New Forrester research confirms the importance of the evolution of security awareness training into the human risk management (HRM) market. 
    • Now is the time for security professionals to evolve their security awareness training to include HRM. 
    • Organizations should take advantage of the introduction of HRM to reintroduce and reinvigorate awareness training.

    Forrester has released its first Human Risk Management Solution Landscape report, which covers the human risk management (HRM) market. The report recognizes Mimecast. 

    Security buyers can use the Landscape report to: 

    • Understand the value they can expect from an HRM solution. 
    • Learn more about how HRM vendors differ. 
    • Investigate their available options based on vendor size and market focus. 
    • Improve and reinvigorate security training at their organization. 

    Key insights from the Forrester report 

    • “Forrester predicts that 90% of data breaches in 2024 will have a human element, up from 74% in 2023.” 
    • “In the long term, adaptive human protection will free employees to do their jobs without constant training on all aspects of security.” 
    • “For more than 25 years, the market was called ‘security awareness and training’ — until the recent emergence of disruptive technologies spurred an evolution of the discipline into HRM, which should move fully from concept to reality this year.” 
    • “CISOs see training’s limitations and use HRM to detect human behavior and measure and manage risk.” 
    • “CISOs struggle to discern HRM vendor capability and articulate the need to move away from compliance-based training.” 
    • “GenAI will help to improve human behavioral analytics and adapt training, policy, and processes to protect humans.” 

    The Evolution of Security Awareness and Training 

    Forrester previously referred to the HRM market as security awareness and training, but now believes HRM is the next evolution, as does much of the cybersecurity industry. 

    The new HRM category will better represent what security leaders really desire, which is the ability to measure risky behavior and real risk reduction, as well as the ability to adapt training, policies, and technology to an employee’s risk profile.

    Security Professionals Should Take Advantage of HRM 

    The release of this Forrester report is a strong indication that the security awareness training market is in a time of major transition as it becomes focused on human risk management. HRM will no doubt continue to gain momentum with security leaders. 

    Forrester’s analysts highlight the importance of security buyers educating themselves in this new evolution. HRM may be a new name, but security professionals should use this development to further highlight the need for security awareness and HRM throughout their entire organization. 

    Security leaders should take advantage of the evolution of security awareness training into HRM in order to: 

    • Assess potential HRM investments and evolve security awareness programs.
    • Re-ignite interest in security awareness training programs. 
    • Introduce HRM to all areas of their organization. 
    • Align awareness training’s capabilities to core HRM use cases.

    HRM and Awareness Training Should Work Together 

    As security professionals evolve their security awareness training strategy to consider all aspects of human risk, it is important for them to understand that awareness training and HRM are not in opposition to each other, but instead, are better together. 

    HRM provides an understanding about what employees do in relation to security. It allows security teams to learn about the good and bad security decisions employees regularly make, gives them a clear vision of which users are repeat offenders, and provides insight into how frequently users are being targeted. With this understanding, security leaders can gain a picture of the distribution of risky employees across their organization. 

    This visibility allows for a much more precise application of security interventions like training, feedback, and nudges to the workforce allowing for the right training to be delivered to the right person at the right time. 

    Mimecast’s suite of products in combination with Elevate’s capabilities offers security practitioners the ability to take their security awareness programs to the next level.   

    The Bottom Line 

    The Forrester report recognizes Mimecast among “notable vendors” in the space. The report lists Mimecast Awareness Training’s industry and geographic focus: financial services, manufacturing, and retail customers in North America and EMEA.  

    We believe Mimecast’s vision for HRM aligns powerfully with Forrester’s perspective on the future of the market. Moving beyond just security awareness training, HRM from companies like Mimecast should provide customers with expert workforce cybersecurity skills assessments, adaptive human protection, and a reduction in their security training burden. 

    Those wanting to learn more should download the full Forrester report and check back frequently to the Mimecast Cybersecurity Insights Blog as more details about Mimecast’s HRM roadmap become available. 

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top