ANOZR WAY Partnership - Human Risk Integration

The Security Incident category is being enhanced with new CTI indicators through the partnership with ANOZR WAY.

What is Cyber Human Risk?

Human cyber risk encompasses all behaviors, actions, or omissions—whether intentional or unintentional—that could compromise the cybersecurity of an organization or an individual.

Today, human vulnerabilities are the main entry point for cybercriminals. They exploit the large amount of publicly accessible or stolen information to refine their attack scenarios: social engineering, phishing, identity theft, account compromise, fraud, etc. For them, exposed personal data is a goldmine. Public profiles, uncontrolled digital footprints, and correlations between professional identifiers and personal usage together create an expanded attack surface, often poorly addressed by traditional technical cybersecurity approaches.

In general, human cyber risk tends to increase under the influence of several factors:

  • The growing volume of personal data that can be exploited by hackers, driven by the massive and ever-expanding use of social networks
  • Large-scale attacks on public and private organizations aimed at collecting users’ critical personal data
  • The rise of remote work and the blurring of boundaries between professional and personal life
  • The advancement of OSINT (Open-Source Intelligence) techniques used by attackers
  • The automation and industrialization of social engineering attacks (e.g., personalized phishing/smishing, identity and account theft)
  • The increasing sophistication of Deepfake technologies.

What is the methodology used to calculate the risk level?
The risk level is a weighted sum of various threat indicators. These indicators are calculated from information found on the dark web, which makes the threat probable. The weights of the different indicators have been calibrated by measuring risk for over 10,000 domain names.

 

How does the score change over time?
The risk indicators related to data breaches have a validity period of 6 months. If a domain name no longer experiences data breaches for 6 months, its score decreases to 0. For ransomware, the impact on the score decays exponentially over time.

 

Are leaks counted with a different weighting depending on whether they are recent or not?
Yes, leaks older than six months no longer affect the score.
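The time behaviour described in the two answers above can be sketched as follows. This is an added example, not ANOZR WAY or Security Rating code: the page publishes no weights, decay rate or exact day count, so the weights, the 90-day half-life and the 183-day window are assumptions, and the indicators are constructed.

```python
from datetime import date, timedelta

# Assumed values for illustration only; none of them come from the page.
BREACH_VALIDITY_DAYS = 183        # assumed length of the 6-month validity period
RANSOMWARE_HALF_LIFE_DAYS = 90    # assumed half-life of the exponential decay
WEIGHTS = {"credential_leak": 30.0, "identity_leak": 20.0, "ransomware": 50.0}

# Constructed indicators for a hypothetical domain: (kind, date observed).
START = date(2024, 1, 1)
SAMPLE_INDICATORS = [
    ("credential_leak", START),
    ("identity_leak", START + timedelta(days=60)),
    ("ransomware", START),
]


def contribution(kind, observed, today):
    """Weighted contribution of one indicator to the score on a given day."""
    age = (today - observed).days
    if age < 0:
        return 0.0  # indicator not yet observed on that day
    if kind == "ransomware":
        # Smooth exponential decay: halves every RANSOMWARE_HALF_LIFE_DAYS.
        return WEIGHTS[kind] * 0.5 ** (age / RANSOMWARE_HALF_LIFE_DAYS)
    # Breach indicators count in full, then expire at the end of the window.
    return WEIGHTS[kind] if age <= BREACH_VALIDITY_DAYS else 0.0


def risk_score(indicators, today):
    """Weighted sum of all indicator contributions on a given day."""
    return sum(contribution(kind, seen, today) for kind, seen in indicators)


def timeline(indicators, offsets):
    """Score at each day offset from START, to compare cliff and decay."""
    return [(n, round(risk_score(indicators, START + timedelta(days=n)), 2))
            for n in offsets]


if __name__ == "__main__":
    for offset, score in timeline(SAMPLE_INDICATORS, [0, 90, 183, 184, 243, 244]):
        print(f"day {offset:3d}: score {score}")
```

Under these assumptions the breach indicators fall off in a single step when their window ends, while the ransomware term shrinks gradually, so a monitored score can drop sharply on one day without any remediation having taken place.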

 

Is it possible to improve the rating?
Remediations in ANOZR WAY products will be taken into account in the score in future developments.

Which regulatory framework applies to this assessment?
To be lawful, the processing of personal data must be based on a "legal basis" provided by the GDPR. There are six legal bases in total, and we rely on the legitimate interest basis, which allows us to process these data. In other words, there is a legitimate interest (in this case, a cybersecurity necessity) that authorizes the processing of personal data. European institutions and the CNIL explain that cybersecurity-related processing is based on this legitimate interest basis.

For a client receiving the human risk score in the Security Rating, what additional value does contracting with ANOZR WAY provide?

The human risk rating integrated into Security Rating provides initial visibility, but it remains focused on a restricted set of attack scenarios (account and identity theft). This approach, although relevant, does not reflect the entire range of threats to which employees and executives are exposed. ANOZR WAY solutions complement and enrich this vision by covering a much broader spectrum of cyber risks, including targeted phishing, SIM swapping, smishing, and other forms of attacks exploiting human vulnerability.

Another major difference: Security Rating does not integrate the personal dimension of digital exposure, whereas this is a frequent entry point for cybercriminals. ANOZR WAY goes further by pivoting from professional data to personal information, revealing vulnerabilities that are invisible to an analysis limited to the professional perimeter.

Finally, ANOZR WAY is not limited to evaluation. The solution provides concrete and personalized action plans to remediate and reduce individual exposure and risk level over time. While Security Rating provides a snapshot at a given time, ANOZR WAY offers dynamic protection and active reduction of human risk.

For more information, visit the ANOZR WAY website