Mimecast Announces a Strong Performer Position in the Inaugural Forrester Wave for Human Risk Management

On the heels of its March 2024 HRM Landscape report, Forrester has recognized Mimecast as a Strong Performer in The Forrester Wave™: Human Risk Management Solutions, Q3 2024 report. This marks Forrester’s first official evaluation of the HRM market and the first notable evaluation from the analyst community. The release of this Forrester Wave for HRM is a major milestone in the development of the human risk management market.

The Wave evaluates the vendors that Forrester considers to be the most significant solution providers in the market and their accompanying research, analysis, and scoring. Rated as a Strong Performer, we believe we have  demonstrated undeniable momentum for Mimecast Engage and the Human Risk Management Platform.

In the report, Forrester cites the acquisition of Elevate Security (and their accompanying human risk analysis and intervention capabilities), as well as our plans to introduce the human risk dashboard to our 45,000 customers and plans for extensive third-party integration across the security ecosystem. Also referenced by Forrester is the calculation of human risk as the composition of actions (behavior), attacks, and access (identity). 

Forrester states in the report that organizations that have a “strong behavioral change drive” and a desire to “move beyond SA&T” should consider Mimecast.

How HRM Has Evolved, and Why It’s So Critical

In the past, organizations have tried to address the problem of human risk via multiple, disconnected solutions. In addition, when leadership thinks of security, they tend to think of protecting organizations against attacks from the outside, the external risk. As a result, security solutions have gotten really great at identifying those threats, but threat actors have evolved from wide-spread attacks to very focused threats targeted at individuals.

So, about the risk from the inside? Today it’s more important than ever to ensure that organizations can protect themselves from internal or insider risk. And what connects the two? The human in the middle. Organizations ask their employees to not only identify threats that come in via email and collaboration tools, but also to properly handle organizational data.

By delivering a connected human risk management platform, organizations can solve multiple use cases covering areas across the spectrum from external risks, like business email compromise, uncontrolled collaboration channels, and secure data retention to insider threats like exfiltration of critical company data and identification of compromised users. 

How We Re-envision: Going Beyond Traditional Awareness Training

HRM is becoming distinct because of its ability to focus on human risk – and the riskiest users. While all users need security awareness training and should be mindful of potential cyberattacks, the fact remains that only 8% of users cause 80% of security issues. Security teams must properly identify these users and be able to take action.

Employees have access to a myriad of collaboration tools and unlimited access to organizational data, making them prime targets for complex attacks such as phishing and other forms of business email compromise. In addition, they are constantly multi-tasking and have multiple tools open at the same time. All of these factors make users more prone to errors, and traditional security measures often fall short in addressing these human-centric risks. 

All these factors combined is why companies should focus on these key behavioral changes that go beyond traditional awareness training. As a result of these trends, human risk management solution customers should look for providers that:

• Enable adoption of HRM, not just buy into it: Look for providers that can readily show you which behaviors and events you can measure based on your tech stack, how you can use human risk to adapt training and policies, and how their customer success teams can help you progress your HRM maturity.
• Demonstrate that HRM capabilities are clearly and significantly different: Look for vendors that offer actual HRM capabilities that go well beyond awareness and phishing simulations. Ensure that the solution can identify risky user behaviors and events via integrations with security technologies and respond to those behaviors and events with a broad set of targeted, real-time interventions based on a user’s human risk, such as training, nudging, updating technical policies, or sending alerts or workflows.
• Use a comprehensive, accurate methodology to measure human risk: Look for solutions that use a correct definition of risk, evaluating the likelihood and impact of harm to your organization. These solutions consider four key points: individuals’ actual behaviors, identity, personal attack exposure, and security knowledge and sentiment. The more granular the data on each, the better you will be able to measure and manage risk. Granular solutions measure actual behaviors across security categories, derive identity insights such as seniority and access levels, and recognize personal attack exposures.

How Mimecast Can Help

The Mimecast HRM Platform has been designed by having human beings at the center of everything we do, aligning key protection and data controls to offer the most comprehensive approach to human risk management. With the Mimecast HRM Platform, you get a single solution that brings multiple products together to help you protect collaboration, educate employees, and detect insider risk. This is the connected human risk management platform organizations need.

Read the Forrester Wave for HRM report to learn more.