01 The hidden risk: The risk you can’t see is the one that hurts you most.
02 Introducing Privci: The world's first human vulnerability scanner
03 How the Scanner Works: Align, observe, analyse – over 30 days
04 Deep Behavioural Insight: From noise to clarity
05 Interventions That Work: Behaviour change, not box‑ticking
06 Measurable Value: Human vulnerability, understood — and reduced
07 Putting it all together: APIR · COM‑B · continuous flow
08 Thank You: Ready to transform your human risk?
M&S · £1bn brand damage
A single phone call – fake IT support – led to ransomware and £1bn market erosion.
• human vulnerability, exploited
Co‑op · £200M interruption
Same playbook: password reset via help desk. Business ground to a halt. £200M lost.
+ regulatory fines pending
Harrods · £10M remediation
Social engineering breach cost £10M in clean‑up, plus untold brand trust.
human error = expensive reality
Human Vulnerability Scanner
Continuously measures real human risk — beyond knowledge, into behaviours and habits.
COM‑B Model
The behavioural science foundation of Privci: Capability, Opportunity, and Motivation.
no more guesswork
Policy baseline
Your internal policies define “normal”. Upload them – the scanner aligns with your rules, then watches for deviations.
30‑day scan
30 days of continuous observation in real conditions – enough to spot the patterns that led to M&S.
During the scan: Challenges · Micro‑lessons · Deviation signals · Phishing sims
Behavioural profile
HVI 4.2 · Top Concerns · Knowledge Gap · Behaviour Archetypes · Company‑wide posture
not a score – a story
Compromise Routes
Attacker calls help desk → Password reset → Access internal → Lateral movement → Ransomware
10 Intervention Agents
Each rooted in COM‑B, addressing specific habits – from password reuse to phishing susceptibility. Personalised to each user.
Security Chronicles
49‑day personalised storyline that turns real behaviours into traits – and nudges change.
−31% HVI reduction
Measurable decrease in Human Vulnerability Index following targeted behavioural interventions.
42% fewer exposure paths
Reduction in realistic compromise routes – meaning fewer ways for an M&S‑style attack to succeed.
2× faster risk response
Earlier detection of behavioural risk enables faster, targeted intervention before incidents occur.
45% cost reduction
In training – by focusing on what matters. Stop wasting budget on one‑size‑fits‑all programmes.
Audit‑ready behavioural evidence
Continuous, framework‑aligned insight supporting NIST, ISO 27001, CIS controls.
ASSESS → PERSONALISE → INTERVENE → REASSESS
Hidden Risk: habits · pressure · gaps · (like M&S)
Behavioural Scan: 30‑day · baseline · observe
Vulnerabilities: HVI · archetypes
Compromise Routes: paths · exploit steps
Interventions: 10 agents · micro actions
Measured Impact: −31% HVI · −42% exposure
Capability · Opportunity · Motivation
Thank you.
You've seen how Privci reveals and reduces human risk.
Ready to make it happen in your organisation?
Start your 30‑day scan →
Or email support@privci.com to discuss your environment.
In 2024, M&S lost £1bn in brand value after a single social engineering call. Co-op faced £200M business interruption. Harrods spent £10M on remediation. All because an employee fell for a fake IT support call. The risk you can't see is the one that hurts you most.
Privci’s Human Vulnerability Scanner reveals the behavioural risk that led to these incidents. It doesn't replace your security stack — it completes it. By applying behavioural scanning at scale, powered by the APIR framework and the COM‑B model, it uncovers why risk emerges and where it is most likely to surface next, helping organisations reduce exposure to incidents like those seen at M&S, Co‑op, and Harrods.
First, the scanner aligns with your internal policies — email use, data handling, remote work — to establish a behavioural baseline. Then, over a 30‑day observation period, it continuously assesses how users interact with security. Through trophy‑driven challenges, gamified policy learning, weekly micro‑lessons, policy deviation signals, simulated phishing, and use‑case correlations, it builds a complete picture of each user’s capability, opportunity, and motivation.
When the scan completes, the noise disappears. Each user receives a behavioural risk profile — their Human Vulnerability Index, Threat Exposure Index, and a behavioural archetype such as “Convenience‑Seeker” or “Overconfident”. But it doesn’t stop there. Privci maps realistic compromise routes, showing step by step how an attacker could exploit these behaviours — exactly like the M&S attack — and the potential business impact.
Insight alone isn’t enough. Privci turns understanding into action. Ten specialised intervention agents — each rooted in behavioural science — deliver targeted guidance. Security Chronicles. Topic of the Week. Direct micro‑interventions. Progress becomes visible. Behaviour shifts. Risk reduces.
The result? A measurable reduction in human‑driven risk. 31% lower Human Vulnerability Index. 42% fewer exposure paths. Organisations gain a clear view of their human risk posture, benchmark against industry, and demonstrate compliance with frameworks such as NIST and ISO 27001. Privci doesn’t just train — it transforms behaviour.
The APIR cycle drives continuous improvement. COM‑B explains behaviour. Together they turn hidden risk into measurable resilience: scan → reveal vulnerabilities & routes → intervene → benefits → repeat. This is the Privci flywheel, built to stop the next M&S before it happens.
Thank you for exploring Privci. We're here to help you understand and reduce human risk. Contact our team today to see the Human Vulnerability Scanner in action. Let’s build a safer, more resilient organisation together.