How CultureAI Are Redefining Nudges in Cyber Security
CultureAI, a specialist in human risk management, is enabling employees to assess and address their security risks with just a single click.
The concept of 'nudge' has recently become a popular term in cyber security, frequently misunderstood as mere 'notifications'. CultureAI is setting out to redefine this notion by applying the principles of Nudge Theory to create actionable Nudges.
Rather than bombarding employees with forgettable reminders and notifications for security awareness training, the CultureAI platform strategically issues Nudges—targeted, timely prompts that are issued only when there is a concrete, actionable step an employee can take to reduce risk.
“Human behaviour is the biggest cyber risk for companies and yet we know most employees inherently want to do the right thing,” says James Moore, Founder and CEO at CultureAI. “By nudging employees to stop and reconsider their actions in real time, they are empowered to make the right choice at the right time.”
Nudges are an essential tool in enhancing cyber security and managing human risk and have multiple use cases. For instance, preventing unintentional sharing of sensitive information on public channels such as Slack or Teams, and ensuring that sensitive documents stored on cloud services like Google Drive or OneDrive are not mistakenly shared with incorrect users.
Mistakes are inevitable, and even the most security-conscious employees can slip up. However, these risks are manageable. Through the strategic use of security Nudges, CultureAI not only helps in identifying risks that might have gone unnoticed but also significantly reduces the time needed to resolve incidents – from days to minutes, or even seconds.
CultureAI’s Nudges offer significant advantages:
- Reduced mean time to resolution: By allowing for the immediate identification and fixing of risks without the need for SOC intervention, incident resolution time is drastically decreased.
- Empowered employees: Security teams can use Nudges to set guardrails and guide employees to use SaaS and GenAI apps securely. Only nudging them when they engage in risky behaviours such as sharing confidential information in a public channel.
- Behavioural change: Busier individuals tend to fall into automatic, error-prone Type 1 thinking. A timely Nudge can shift them to logical, safer Type 2 thinking when it is appropriate to do so.
- Meet people where they are: Nudges are delivered precisely when and where the risk occurs, which increases employee engagement.
- Auto-resolution: If employees ignore a Nudge, it can be configured to remediate automatically after a predetermined period.
"I envisage a future where Nudges and Automated Interventions will fix 100% of human-related security risks," says Frederick Coulton, Head of Product at CultureAI. “By allowing employees to make informed security decisions at the precise point of risky behaviour, within the applications they're using, this enables risks to be resolved instantly without requiring security team involvement.”