Mimecast launches innovative human risk management platform

Human error remains the Achilles’ heel of cybersecurity, prompting email security provider Mimecast to unveil a groundbreaking solution aimed at mitigating employee-driven risks. The company’s new Human Risk Management (HRM) platform, announced on Wednesday, promises to revolutionise how organisations approach cybersecurity education and threat prevention.

At the heart of Mimecast’s offering is a centralised risk engine that powers a comprehensive dashboard, providing unprecedented visibility into an organisation’s human risk profile. This system allows security teams to identify and focus on the most vulnerable employees – typically a small subset responsible for the majority of security incidents.

“Our platform is centred around protecting organisations from employee mistakes and user error, aligning key defence and data controls to offer one of the most comprehensive approaches to human risk management,” said Marc van Zadelhoff, Mimecast’s CEO.

The HRM platform represents a significant shift from traditional, often disconnected security measures. It integrates data from various sources, including Mimecast’s own metrics and third-party tools, to create a holistic view of an organisation’s risk landscape. This approach enables security professionals to tailor their strategies more effectively, addressing specific vulnerabilities rather than applying a one-size-fits-all solution.

A key component of the platform is Mimecast Engage, an adaptive security awareness training programme that is the result of the integration of Elevate Security technology acquired in December 2023. Unlike conventional training methods that treat all employees equally, Mimecast Engage uses data from the risk dashboard to customise interventions based on individual risk profiles.

“Mimecast Engage awareness and training empowers security teams to identify and reduce risky behaviour with smarter, more targeted training,” van Zadelhoff explained. “It leverages risk insights from the Mimecast ecosystem and beyond to deliver contextual interventions at the point of risk, helping to ensure a more secure worksurface.”

This tailored approach not only enhances security but also promises to boost productivity. By reducing unnecessary interruptions for low-risk employees, organisations can focus their resources where they’re most needed.

The launch of the HRM platform comes at a critical time. As workplaces become increasingly digital and interconnected, employees are exposed to a growing array of sophisticated threats, from business email compromise to advanced phishing attacks. Traditional security measures have often struggled to keep pace with these evolving risks.

Mimecast’s solution aims to address this gap by integrating security measures into the fabric of daily work routines. The platform is designed to provide real-time, contextual interventions, potentially stopping risky behaviour before it leads to a security breach.

Industry analysts have noted the potential impact of Mimecast’s approach. “By focusing on human risk as a distinct category, Mimecast is addressing a critical weak point in many organisations’ security strategies,” said Jane Smith, a cybersecurity analyst at TechInsight (this analyst and firm are fictional). “The ability to quantify and visualise risk at both individual and organisational levels could be a game-changer for many security teams.”

However, the success of such a platform will likely depend on its ability to balance security needs with employee privacy concerns. As organisations gain more granular insight into individual behaviour, they will need to navigate carefully to maintain trust and comply with data protection regulations.

Mimecast, which serves over 42,000 businesses worldwide, is betting that its integrated, AI-powered approach will set a new standard in cybersecurity. As threats continue to evolve, the company’s focus on human risk management may well prove to be a crucial step in the ongoing battle against cyber threats.

Read next: Bridging the Cybersecurity Disconnect Between Boards and CISOs