Hackers are more con artists than nerds these days.
Instead of probing networks and sending viruses, they impersonate co-workers, stage false urgency to provoke impulsiveness, or entice frustrated teams to reveal their secrets.
To do this, hackers use the entire range of human weaknesses: they create stress and distractions, they appeal to obedience to authority and ambition, and they exploit shame and arrogance.
Cybersecurity risks today are less about technology and more about behavior.
of all cybersecurity breaches involve the human element.
(Source: Data Breach Investigations Report 2022)
The medical and aviation industries, nuclear power plants and the military manage twelve human risks. Current cybersecurity practices consider only three.
Industries where human error can cause great harm have been researching how to identify and change behavioral risks for decades. The twelve risks they manage are known as the Dirty Dozen.
But cybersecurity experts focus on only three of these factors:
lack of knowledge about threats and how they work
lack of awareness to signs of a threat
lack of resources, i.e., wrong or poor tools
As an example: when employees don't lock their computers because they take too long to unlock again, their devices are replaced. When they fail to lock their computers because they are distracted and exhausted, which is just as dangerous, the risk tends to remain unaddressed, since there's no technical pathway to mitigate it. And yet, both situations pose exactly the same danger.
adair uncovers previously unseen behavioral risks.
adair is the first software that can reveal all behavioral cybersecurity weaknesses of a team and show how to eliminate them.
It is a self-contained, intuitive, and automated tool with an accuracy of ± 4%.
adair reveals both the problem and the solution.
Too many diagnostics and analysis systems leave users alone with the data, without supporting them in their search for actual solutions.
adair provides an extensive repository of explanations and recommendations on how to control the risks that it has revealed.
adair is accurate, reliable and effective –
adair is hard science.
Both the measurement methods and the recommendations behind adair come from reputable, publicly available, and widely accepted studies that have undergone peer review. No buzzword bingo, no ideologies, no “proprietary research”: adair contains only proven practices and hard science.
Hundreds of thousands of studies with millions of participants.
90 years of research on human risks
60 years of research on quantitative sociology
All wrapped up in a modern and accessible tool.
It measures and visualizes team realities that are relevant for cybersecurity…
… explains in detail what they mean and what their impact is…
… and then provides clear, pragmatic and highly effective instructions on how to shape them.
Team by team.
“If the airline industry had the same problems
as cybersecurity, we'd have about 70 planes
falling out of the sky every day. [...]
The persistence of human performance
problems in cybersecurity exists due to an
under-education on human factors. [...]
Now is the time for the cybersecurity industry to
get serious about human factors.”
Dr. Calvin Nobles
Chair of the IT & management department
of the Illinois Institute of Technology