ATEA - The Evolution of Human Security

ATEA · Security

The way we protect
people at work
is evolving.

You've invested in security awareness. That was the right call. Here's what's changed since - and what the next step looks like.

The Evolution

You built an
awareness programme.
That was the right call.

Your people are more aware, your culture is stronger, and that foundation is exactly what the next step builds on.

What You Built

A stronger security culture

Training modules. Phishing simulations. Completion tracking. Your employees are more aware than they were before. Your organisation has a programme. That's the foundation - and it matters.

What Changed

The threat got personal

Attackers now use AI to tailor attacks to individuals - their role, their writing style, their projects. The emails don't have red flags any more. The threat evolved past what generic training was designed to catch.

What's Next

Making your programme intelligent

Your foundation stays. What gets added is an intelligence layer - so your programme knows who's at risk, responds to behaviour in real time, and produces evidence that it's working.

Sound Familiar?

Three things you've
probably noticed.

These aren't failures - they're where first-generation tools were designed to stop.

You've Noticed

"We can't see who's actually high-risk"

Everyone completes the same modules. But you probably have a sense that some people are more exposed than others - you just don't have a system that shows you who. Risk isn't evenly distributed, but the programme treats it as if it is.

You've Noticed

"When someone clicks, the follow-up is thin"

Someone fails a phishing test. They get a video or a reminder. Next quarter, the same person clicks again. There's no way to track whether their behaviour actually changed - because the system wasn't built to measure that.

You've Noticed

"The board asks if it's working - and we show them completion rates"

You know completion doesn't tell the whole story. But it's the best metric the current system gives you. The gap isn't effort - it's what the tool was designed to measure.

The Upgrade

Your current setup
made smarter.

Same foundation, same programme - with an intelligence layer that makes it measurable, targeted, and adaptive.

Your Current Programme	With Moxso On Top
Same content for everyone	Individual risk profiles
Runs on a calendar	Responds to behaviour
Measures completion	Measures risk reduction
Static simulation library	Live threat intelligence (OSINT)
Reports activity to the board	Reports a defensible risk score
No view on AI-related risk	Dedicated AI risk categories built in

The Regulatory Landscape

Regulators now ask:
does your programme
actually work?

Multiple frameworks now ask the same question: can you prove your programme is effective?

NIS2

Requires effectiveness assessment

Article 21 requires organisations to assess whether their cybersecurity measures work - not just that they exist. Management bodies must approve, oversee, and can be held liable.

DORA

Financial sector - stricter still

Digital Operational Resilience Act. Applies to banks, insurers, and financial infrastructure. Requires ICT risk management with continuous testing and board-level accountability.

CRA · CIS-18 · ISO 27001

The direction is the same everywhere

The Cyber Resilience Act targets product security. CIS-18 requires security awareness and skills training as a baseline control. ISO 27001 expects measurable security objectives. Every framework is moving from "do you have a programme?" to "does it work?"

Behaviour Signals → Risk Profiling → Targeted Intervention → Resilience Score → Continuous Improvement

How It Works

One continuous loop.
Always running.

Moxso captures behaviour, profiles risk, intervenes where it matters, and proves it worked - then loops back.

Capture

Real behaviour - clicks, reports, engagement - becomes structured data.

Profile

Each person gets an individual risk score across 16 categories.

Intervene

Targeted action triggered by behaviour - not a calendar.

Prove

The Human Resilience Score - risk reduction measured over time.

Always On

Signals captured continuously from real behaviour. No waiting for quarterly campaigns.

Individual Risk Scores

Every employee profiled across 16 risk categories. You see exactly who needs attention.

Board-Ready Proof

The Human Resilience Score gives leadership a single, auditable number - not a completion rate.

Fits Your Stack

Feeds into SOC, SOAR, and existing reporting. One more signal source - not another silo.

Getting Started

We set it up with you.
From A to Z.

Moxso's Customer Success team walks you through every step - you're never configuring alone.

1

Import your users

Our CS team helps you get started with Microsoft, Google Workspace, or CSV import. Integrations with Drata and Vanta available for compliance workflows.

Day 1 · Guided by CS

2

Configure your programme together

Simulation types, training paths, reporting cadence - your CS lead configures this with you based on your current setup and priorities.

Day 1–2 · Guided by CS

3

First signals within the week

Initial phishing simulations deploy. Behavioural data starts flowing. Risk profiles begin building. The Human Resilience Score is live.

Day 3–5 · Automatic

4

Continuous intelligence from there

The system gets smarter every day. Your CS lead stays with you for ongoing reviews, optimisation, and quarterly reporting.

Ongoing · CS-supported

Plans & Capabilities

Four tiers.
Start where
you are.

Every tier includes the Human Resilience Score. Essentials matches what you're likely paying for today. Understand is where the intelligence layer begins - that jump is the whole point.

Pricing is per user / per year. Talk to your ATEA contact for volume and multi-year terms.

01

Essential

Keep training and phishing running without manual effort.

02

Understand

Identify high-risk teams and focus security where it matters most.

03

Adapt

Automatically target high-risk users and reinforce weak behaviours.

04

Defend

Prove human-risk maturity with governed policies and audit-ready reporting.

The Transition

From where you are
to where you
need to be.

Your awareness layer stays. Moxso makes it intelligent.

You Keep

Everything you've already built

Your awareness programme, your training culture, your phishing simulations - all of it stays. Moxso needs that foundation. It's what makes the intelligence layer work.

You Gain

Visibility, targeting, and proof

Individual risk profiles. Behaviour-triggered intervention. The Human Resilience Score - a single number that tells the board whether the programme is reducing risk. Trending over time. Audit-ready.

It Takes

Days, not months

Connect your identity provider. Configure. Deploy. Most organisations are live within a week. No new infrastructure. No disruption to what you're already running.

Next Step

See what your
programme looks like
with intelligence
switched on.

60-minute walkthrough. We'll look at your current setup and show you what Moxso adds.

Reach out to your ATEA contact to schedule a walkthrough

You built anawareness programme.That was the right call.

Three things you'veprobably noticed.

Your current setupmade smarter.

Regulators now ask:does your programmeactually work?

One continuous loop.Always running.

We set it up with you.From A to Z.

Four tiers.Start whereyou are.

From where you areto where youneed to be.

You built an
awareness programme.
That was the right call.

Three things you've
probably noticed.

Your current setup
made smarter.

Regulators now ask:
does your programme
actually work?

One continuous loop.
Always running.

We set it up with you.
From A to Z.

Four tiers.
Start where
you are.

From where you are
to where you
need to be.