PRISM - Behavioural Intelligence Platform
Strategic Intelligence Platform
🚀 Phase 1 launching soon — Maturity Assessment & Pulse Surveys

PRISM

A strategic intelligence platform that measures your security culture through two complementary frameworks: Maturity Analysis (how capable is your programme?) and Culture Formation (how embedded are the practices?). PRISM uses scientifically validated surveys to gather insights from employees, then analyses responses through multiple analytical engines to deliver actionable intelligence that measurably improves your security culture.

Create Account Learn More
7
AI-Powered Modules
5
Strategic Outputs
Surfaced Insights
The Challenge

Why PRISM

Security leaders need defensible data to drive strategic culture change. Traditional approaches rely on gut feeling, generic training metrics, and annual compliance checkboxes. PRISM delivers evidence-based intelligence that transforms security culture from aspiration to measurable reality.

Fragmented Signals

Behavioural indicators sit across tools and teams, making it hard to see patterns or prioritise action.

Generic Interventions

One size fits all awareness drives compliance, but rarely changes the behaviour that causes incidents.

Limited Measurement

Culture is discussed, but leaders lack defensible metrics to guide investment and show outcomes.

The PRISM Difference

📊

Evidence-Based

Quantify culture with scientifically validated assessments. Move from gut feeling to hard data that justifies investment.

🔒

Privacy-First

K-anonymity protection ensures honest responses whilst maintaining GDPR compliance. Employees feel safe providing candid feedback.

Self-Service

Deploy assessments, generate reports, and track improvements without consultant dependency. Full control over your programme.

The Solution

The PRISM Intelligence Model

PRISM collects employee insights through scientifically validated surveys, then refracts the data through multiple analytical engines to measure, diagnose, design, reinforce and ultimately evolve your security culture.

PRISM Intelligence Model - 5 Strategic Outputs

Maturity

Measure and benchmark human risk maturity to establish a realistic baseline and prioritise effort.

Insights

Diagnose behavioural and cultural drivers of risk across roles, teams, and environments.

Interventions

Design and prioritise targeted, ethical interventions grounded in behavioural science.

Habits

Reinforce secure habits with cues and feedback loops so secure behaviour becomes the default.

Culture

Track the evolution of norms and secure ways of working, demonstrating sustained change over time.

Understanding PRISM

Two Frameworks, One Complete Story

PRISM uniquely combines two evidence-based frameworks to give you strategic intelligence about your security culture.

🎯

Maturity Analysis

"How capable is our security program?"

Based on the CMMI (Capability Maturity Model Integration) framework, maturity analysis measures your security program's sophistication across 8 critical dimensions.

What it measures:
  • Leadership & Governance
  • Psychological Safety & Just Culture
  • Organisational Culture & Norms
  • Awareness & Training
  • Communication & Engagement
  • Policy & Procedures
  • Risk Management & Measurement
  • Resources & Enablement
The 5 levels:
  1. Initial: Ad-hoc, chaotic processes
  2. Repeatable: Basic processes established
  3. Defined: Documented, standardised
  4. Managed: Measured and controlled
  5. Optimising: Continuous improvement
Best for:
  • Strategic planning and investment decisions
  • Board reporting and stakeholder communication
  • Benchmarking against industry standards
  • Identifying capability gaps
🌱

Culture Formation

"How embedded are these practices?"

Based on behavioural science, the BNC (Behaviour-Norm-Culture) framework tracks how security practices become part of your organisational DNA.

The three stages:
  1. Behaviour (4-12 weeks): Individual actions practiced when prompted or reminded. People do secure things because training says to.
  2. Norm (2-8 months): Behaviours become socially expected. Peers remind and encourage each other. Social pressure reinforces practices.
  3. Culture (2-5 years): Security is deeply embedded in organisational identity. "It's just who we are" — no reminders needed.
What it measures:
  • Behaviour adoption rates
  • Peer expectation strength
  • Cultural crystallisation
  • Progression through stages
Best for:
  • Tracking behavioural change interventions
  • Understanding culture transformation progress
  • Setting realistic timelines
  • Identifying stage-specific actions

How They Work Together

🎯 Maturity tells you:

  • "Our password policy is documented and enforced" (Level 3)
  • "We have established governance structures" (Level 3)
  • "Our training programme covers all staff annually" (Level 4)

🌱 Culture tells you:

  • "People create strong passwords consistently" (Behaviour)
  • "Team members remind each other about password hygiene" (Norm)
  • "Strong passwords are automatic — no one thinks about it" (Culture)
Key Insight:

You can have high maturity (Level 4) with low culture formation (still in Behaviour stage). This means you have great programmes on paper, but they haven't become second nature yet. Both metrics are essential for complete understanding.

Practical Example: Password Management

Scenario Maturity Score Culture Stage What This Means
Ideal State 4.5 / 5.0 (Level 4-5) Culture (3.5+) ✅ Strong policies AND deeply embedded behaviour. Password security is automatic.
Good Programme, Early Culture 4.0 / 5.0 (Level 4) Behaviour (3.0) ⚠️ Great policies and training, but practices not yet automatic. Need 6-12 months for norms to form.
Mature Culture, Ageing Programme 3.0 / 5.0 (Level 3) Culture (3.5+) ⚠️ Practices are embedded, but policies haven't evolved. Update documentation and controls.
Early Stage 2.5 / 5.0 (Level 2-3) Behaviour (2.0) 🔄 Building both programme capability and culture. Focus on documentation and training first.
AI-Powered Capabilities

Platform Modules

A modular suite of AI-powered tools to measure, monitor, and improve your security culture across the entire human risk lifecycle.

01

Maturity Assessment

Deploy scientifically validated surveys to establish your security culture baseline. AI-powered analysis identifies patterns and surfaces key insights from K-anonymity protected responses.

  • AI-assisted insight discovery and pattern recognition
  • Anonymous responses via secure magic links
  • Board-ready maturity scoring and recommendations
02

Pulse Surveys

Maintain continuous monitoring between full assessments. AI continuously analyses responses to surface emerging trends, validate training effectiveness and detect culture drift before it becomes critical.

  • AI-driven trend detection and early warning alerts
  • Event-triggered surveys (post-training, post-incident)
  • Real-time response tracking with intelligent insights
03 Coming Soon

Intervention Designer

Transform insights into action with AI-generated intervention recommendations. Intelligent analysis applies behavioural science principles including the Behaviour Change Wheel and COM-B model.

  • AI-powered intervention recommendations
  • Behavioural nudge library with smart suggestions
  • Predictive effectiveness scoring
04 Coming Soon

Security Champions

Use social network analysis to identify influential employees who can drive security culture change from within. AI identifies key influencers and measures champion impact across your organisation.

  • AI-powered influencer identification
  • Network effects analysis and visualisation
  • Champion impact measurement through assessments
05 Coming Soon

Choice Architecture

Analyse how security decisions are presented to users and recommend improvements to reduce friction. AI identifies bottlenecks and suggests optimisations to make compliance the path of least resistance.

  • AI-driven friction point analysis
  • Process redesign recommendations
  • Employee experience optimisation
06 Coming Soon

Incident Response

Measure organisational readiness before incidents occur and response effectiveness afterwards. AI analyses preparedness gaps and validates capabilities for auditor demonstration.

  • Pre-incident readiness scoring
  • Post-incident effectiveness measurement
  • Lessons learned adoption tracking
07 Coming Soon

Threat Modeller

Move from reactive to predictive human risk management. AI analyses behavioural patterns across all modules to anticipate where security failures are most likely and surfaces prioritised risk insights.

  • AI-generated predictive human risk scores
  • Intelligent resource allocation recommendations
  • Automated behavioural risk profiling
Your Path

The Human Risk Management Journey

A progressive maturity pathway from baseline assessment to predictive intelligence.

1

Baseline

Establish your security culture baseline with Maturity Assessment

2

Monitor

Maintain momentum with continuous Pulse Survey check-ins

3

Design

Create targeted behavioural interventions based on findings

4

Leverage

Identify and empower Security Champions as internal influencers

5

Optimise

Reduce friction with Choice Architecture improvements

6

Prepare

Validate Incident Response readiness and capabilities

7

Predict

Move to proactive risk management with Threat Modeller

Recommended Path: Start with Maturity Assessment to establish your baseline. Add Pulse Surveys for continuous monitoring, then expand to additional modules as your programme matures.