Why we invested in OutThink?
Perspective, by Cat McDonald
Introducing OutThink, the revolutionary cybersecurity platform.
While economics, political instability and climate change rightly dominate the headlines, cybersecurity remains a huge and growing problem. Last month, Nicolai Tangen, the CEO of the Norwegian sovereign wealth fund, told the Financial Times that he’s more worried about cybersecurity than the markets (even after a $174 billion loss!)
Uber is the latest high-profile business to suffer a significant cyber breach. In Uber’s case, a common social engineering compromise allowed a teenager to dupe an employee into providing access to sensitive data. A hack into an organisation holding 75m user credentials came down to human, not technological, risk. And according to the UK ICO, >90% of breaches are caused by human error.
The way of dealing with human error has historically been training, even though it doesn’t work. Many employees fail to complete cybersecurity courses; even after intensive courses, a third of employees click phishing links!
Instead of teaching people lists of rules and expecting them to obey, OutThink predicts individual risk and enables organisations to better manage that risk by providing highly targeted, in-the-moment training via Slack and Teams. In doing so, OutThink empowers employees to become the best protection against cyber threats, rather than the Achilles heel.
OutThink achieves this by playing into two long term unstoppable trends: data driven personalisation and the ‘tiktokisation’ of content.
Data driven personalisation
For an end-user, OutThink seems deceptively simple. However, the ability to provide highly targeted rather than generic support is a result of complex machine learning algorithms that leverage subjective (sentiment, productivity, engagement) and objective data (data from security tooling e.g. EDR, SIEM, DLP etc), to identify and predict risk down to the individual level.
Building this capability required an impressive trifactor of cybersecurity, technology and psychological expertise, which fortunately the OutThink team has. OutThink was built by Flavius Plesu (a former CISO) and Matt Slater (a brilliant technical architect), with the support of cutting-edge research on human-computer interaction by UCL Professor Angela Sasse.
‘Tiktoktisation’ of content
Identifying where the individual risk sits is necessary but not sufficient. Based on the human risk intelligence collected, OutThink also dynamically triggers in the moment training. Training is digestible, personalised and bite-size – finally alleviating end users from long-form, generic modules! “Micro learning” is not only quicker, easier and cheaper to make, it is better and more enjoyable to consume. We have seen this through the virality of TikTok – short, fun and to the point videos engage audiences best. Introducing this approach to employee training will help with engagement, information retention and productivity.
All in all, we believe OutThink has an entirely differentiated take on this market and the opportunity to build a transformational business where current leaders have reached massive scale, despite superficial products.