In a landmark cybersecurity initiative, a large electric and water utility in the American Southwest has significantly enhanced its human risk visibility by deploying Living Security’s Unify platform. The move marks a growing trend among critical infrastructure providers to address the behavioural dimensions of cybersecurity — an area often overlooked in traditional compliance-based training.
Over a twelve-month period, the utility doubled its Human Risk Index (HRI), achieved three times greater visibility into risky user behaviour, and reduced overall human risk exposure by more than 90%, all without increasing staff workload.
From Blind Spots to Behavioural Intelligence
Prior to the deployment, the utility faced a familiar challenge: despite robust technical defences, employees continued to click phishing links at unpredictable rates, and fragmented behavioural data left management uncertain about where the greatest vulnerabilities lay.
“We had strong controls, yet we were flying blind when it came to human behaviour,” said a security executive involved in the project. “Living Security gave us the ability to see patterns we didn’t even know existed.”
The initiative began with a six-to-eight-month baseline study, collecting anonymized behavioural and threat data. Once patterns emerged, Living Security introduced Behaviour Scorecards — personalized dashboards that helped employees understand their individual risk profiles, from phishing tendencies to password reuse and endpoint hygiene.
Unlike generic training modules, these insights enabled contextual micro-training tailored to each employee’s risk behaviour, empowering staff to proactively improve their cybersecurity posture.
Strategic Shift in Cyber Resilience
Ashley Rose, CEO and Co-founder of Living Security, described the approach as the “HRM Blueprint”: observe first, act with intention, and measure change.
“This utility turned what was invisible into outcomes leadership can fund,” Rose explained. “They moved from reactive awareness to strategic behaviour change — and that’s the future of cyber resilience.”
Independent research supports these outcomes. The 2025 Cyentia Institute State of Human Cyber Risk Report found that organizations using Living Security’s solutions experience three times greater visibility into human risk, expanding to five times as integrations and behavioural signals increase.
Operationalizing Human Risk Management
The Unify platform enabled leadership to correlate individual and team behaviour with security outcomes, transforming risk data into actionable intelligence. By automatically identifying the top 10% of high-risk users and triggering real-time interventions, the utility not only improved security but also demonstrated measurable ROI on awareness programs — a longstanding challenge in cybersecurity culture initiatives.
Living Security’s upcoming virtual conference, HRMCon 2025, will further explore these capabilities. The event promises to unveil new advancements in managing both human and “agentic” risk — bridging the gap between human decision-making and AI-driven automation.
Industry-Wide Implications
The success of this utility reflects a broader shift in cybersecurity philosophy. Organizations are increasingly moving beyond compliance-based awareness training and adopting Human Risk Management as a measurable data discipline. By quantifying behaviour and linking it directly to operational metrics, companies are turning cultural transformation into a science — making human-centric defence scalable and effective.
About Living Security
Founded to humanize security awareness, Living Security is now a global leader in Human Risk Management. Its Unify platform integrates behavioural, identity, and threat data across enterprises, delivering up to 5× greater visibility into human risk than traditional compliance programs. By combining AI-driven analysis with human expertise, Unify identifies the small percentage of users responsible for the majority of risk and automates timely, personalized interventions.
Trusted by global enterprises including Unilever, Mastercard, Merck, and Abbott Laboratories, Living Security continues to redefine cybersecurity resilience. More information is available at www.livingsecurity.com
