Continuous Security
Adaptive security awareness training, automated phishing simulations and quantified human risk scores — fully managed by Blackfoot, so your people become a defence rather than an exposure.
Most successful attacks start with a person, not a firewall — a convincing email, a moment of distraction, a password reused one time too many. Yet most organisations still address this with an annual training session that is forgotten within weeks and measured only by completion rates. Human risk management takes a different approach: measure the security risk that comes from people's behaviour, and reduce it continuously.
Blackfoot's managed human risk management service combines AI-powered adaptive security awareness training, automated phishing simulations, human risk intelligence, and contextual security nudges — delivered and managed by Blackfoot through our human risk management platform on an annual subscription. It is a running programme with a team behind it, not a one-off training project.
Adaptive training gives each employee personalised three-to-five-minute microlearning based on their individual risk profile, role, and observed behaviours, delivered through the platform, by email, or within Microsoft Teams. Automated phishing simulations run realistic rolling campaigns tailored to your sector and threat landscape, with anyone who clicks immediately served targeted training. Human risk intelligence quantifies individual and organisational risk scores from behaviours, simulation results, training engagement, and policy compliance — producing board-ready reporting and compliance evidence. Security nudges reinforce good habits with contextual reminders at relevant moments, keeping security visible between training sessions.
Your subscription includes platform access for all licensed users, a role-based content library with gamified and interactive scenarios, compliance-aligned reporting for ISO 27001, NIS2, GDPR, and Cyber Essentials, and full onboarding. Blackfoot manages the programme throughout — campaign scheduling, content optimisation, results analysis, and quarterly reviews — with direct access to our expertise whenever you need it.
The outcome is measurable: declining phishing click rates, rising reporting rates, and quantified risk scores with trends you can put in front of the board and your auditors. Just as importantly, it builds a genuine security culture — training that is continuous, engaging, and relevant to each person's role earns attention in a way annual compliance sessions never do, and the nudges keep good habits alive between sessions.
It is worth being clear about scope. The subscription covers your licensed users with the platform's role-based content library; it does not include bespoke content development, and one-off phishing or vishing assessments are delivered through our separate social engineering testing services. What it does deliver is the thing point-in-time exercises cannot: sustained, measurable change in how your people respond to real attacks.
Personalised three-to-five-minute microlearning per employee, shaped by role, risk profile, and observed behaviour.
Rolling automated campaigns tailored to your sector, with clickers immediately served targeted training.
Individual and organisational risk scores with trends — board-ready reporting, not anecdotes.
Contextual reminders at relevant moments keep security visible all year round.
Reporting aligned to ISO 27001, NIS2, GDPR, and Cyber Essentials awareness requirements.
Blackfoot handles campaign scheduling, content optimisation, analysis, and quarterly reviews.
Over weeks one to four we configure the platform, import your users, build initial risk profiles, design and schedule simulations, set up training, and train your administrators — concluding with your first phishing campaign launched.
Simulations run automatically, adaptive training adjusts to each employee continuously, and risk scores update in real time.
Blackfoot reviews results and adjusts campaigns and content, with quarterly reporting on risk trends, phishing metrics, engagement, and compliance evidence.
Renewal includes a full programme review and next-year campaign design, so the programme keeps pace with your organisation and the threat landscape.
Straight answers to what prospective clients ask us most.
Annual training is a compliance event; human risk management is a continuous programme. Training adapts to each individual's role and behaviour throughout the year, phishing simulations run on a rolling basis, and risk is quantified so you can see whether behaviour is actually changing — declining click rates and rising reporting rates, not just completion certificates.
Very little. There is no technical setup for phishing simulations, and training is accessed via a simple link or single sign-on. Delivery through email or Microsoft Teams means training reaches people where they already work.
Reporting is aligned to the security awareness expectations of ISO 27001, NIS2, GDPR, and Cyber Essentials, and quantified risk scores and engagement records are maintained continuously — so audit evidence is available on demand rather than assembled at review time.
Yes, but under a different service. One-off phishing, vishing, and smishing assessments are delivered through our social engineering testing services. Human risk management is the ongoing programme that turns those point-in-time lessons into lasting behaviour change.
The platform provides an extensive role-based content library covering current threat scenarios, policy reinforcement, and sector risks, and campaigns are tailored to your sector and threat landscape. Bespoke content development is not included in the subscription — if you need fully custom material, speak to us about options.
Get a fixed-scope quote, usually the same working day.