Most data breaches are caused by human error: Numerous industry reports (from IBM, Stanford, Tessian, DBIR) consistently identify human error as the leading cause of data breaches, with some studies indicating that up to 95% of breaches result from human mistakes. Even with more businesses rolling out security awareness training measures, these studies have shown consistent numbers over the past 5 years.

Complying with more stringent standards and frameworks: Some regulatory frameworks (such as ISO 27001) state that regular user security awareness training should be mandatory for businesses, and other best practice frameworks (such as CIS Control 14) require security awareness and skills training for compliance.

One-size-fits-all Training Programs: Security awareness training is often delivered uniformly to all users, disregarding their unique knowledge gaps and learning preferences. This approach can lead to poor knowledge retention and leave specific risk areas unaddressed.

Unengaging and Time-Intensive Training: Many security awareness programs rely on traditional classroom-based and PowerPoint-style presentations, often delivered in lengthy sessions. These methods can be unengaging for employees, resulting in poor knowledge retention and demanding significant resources from businesses to plan, create, and deliver the training.

Irregular/Sporadic Course Enrollment: Due to heavy workloads, security awareness training often becomes a low priority for both program managers and employees. This leads to long gaps without training, leaving employees vulnerable to new and evolving threats.

Lack of Client Awareness: Decision makers often underestimate the importance of user training because they are not fully aware of their business's current risks and do not believe their business could be a realistic target for a user-related cyber attack.

Impact of Security Training Often Isn’t Measured: Many employees are not assessed on what they have learned after completing a security awareness training course. Without assessment, it is impossible to determine whether the training sessions are improving security awareness within the business and where further training might be needed.

Training is Seen as a ‘Silver Bullet’: Many businesses rely solely on employee security awareness training to reduce human cyber risk. However, with evolving cyber threats, more devices, and an increase in remote work, additional measures are needed to effectively assess, improve, and monitor security awareness. For example, many data breaches result from attackers leveraging compromised credentials or human negligence, often due to a lack of clear policy processes.

Growth: Businesses are expected to spend significantly more on security awareness training solutions, with the market expected to hit $10B annually by 2027. In the MSP space, more and more clients are looking to purchase security awareness training solutions from their service providers. By 2024, 25% of midsize enterprises will adopt security awareness training as a managed service, up from less than 5% in 2020 (Gartner).

Value-Added Services: Integrating usecure’s platform into the service portfolio enhances the value MSPs provide, making their services indispensable to clients and allowing MSPs to grow their MRR through additional margins.

Improve Client Security: Implementing a comprehensive human risk management platform helps MSPs proactively mitigate the leading cause of data breaches—human error—by offering targeted, effective training and continuous monitoring. By addressing individual vulnerabilities and adapting to evolving threats, MSPs can significantly strengthen their clients' overall security posture.

Differentiation: Offering a specialized human risk management platform sets MSPs apart from competitors who don’t offer training solutions or offer a basic service. This differentiation can attract new clients seeking comprehensive, state-of-the-art security solutions.

Long-Term Partnerships: Offering continuous education, monitoring, and compliance assistance fosters stronger, long-term relationships with clients, reducing churn and increasing loyalty.

Help Clients Gain Compliance: Many industries have stringent compliance requirements regarding cybersecurity training and risk management. Human risk management helps clients meet these regulations effortlessly. MSPs can ensure their clients are always audit-ready, providing necessary documentation and training records to demonstrate compliance with regulations such as GDPR, HIPAA, and others.

User-tailored training for every user: Each user’s cybersecurity knowledge gaps are assessed in an initial 10-minute questionnaire, with a tailored training program being created for them that enrols the user onto courses which cover their weakest areas first. This approach reduces the higher individual risk areas first.

Automated training reduces administrative overhead and keeps training enrolment consistent: usecure’s training programs can be fully automated, including user enrolment and reminder emails, helping to save time and ensure all users are trained in a prompt manner.

A comprehensive 4-in-1 solution: usecure goes beyond security awareness training to effectively reduce human risk. This single platform offers regular and custom phishing simulations alongside training, ensuring continuous education. Additionally, it provides ongoing dark web monitoring to safeguard accounts from potential attacks. The policy management feature helps users understand company policies and procedures through a centralized library, complete with eSignature approval tracking.

Compliance-driven: usecure simplifies audit trails with comprehensive reporting on training adoption and performance, policy storage and version control, and tracking of signed policies.

Measurable human risk reporting: Granular reporting allows easy tracking of human risk performance, enabling quick assessments of training impact. Company-wide and individual risk scores provide accurate insights into overall risk at any time. Detailed reports on training, phishing, breach monitoring, and policy performance help identify high-risk areas within the business.

Short, engaging training for varying learning styles: usecure designs all training courses to be concise and accessible to non-technical employees. The platform offers diverse formats, including video-based and text-based courses, as well as animated and character-driven training for different user preferences.

Free actionable risk assessments for prospective clients: To raise client awareness of human risk, usecure provides free trials that include human risk reports, phishing simulations, and dark web breach scans. These trials offer actionable risk reports with clear follow-up actions, aiding MSPs in selling their services.

Flexible billing: Fully white-labeled, usecure allows for easy branding. Each core feature – uLearn, uPhish, uBreach, and uPolicy – can be rebranded and bundled across pricing tiers to fit MSP packages.

Product Insight and Market Positioning: Categorize the vendor's products, their key features, benefits, and how they stand out in the market.

AutoEnrol: This feature evaluates each user's individual cybersecurity knowledge gaps through an initial online questionnaire. Based on these results, it creates a personalized security awareness training program, prioritizing courses to address their weakest areas first. This targeted training approach focuses on reducing high-risk behaviors rather than using a one-size-fits-all method.

Automation: Course enrollment and reminders are automatically managed, reducing administrative workload. Training performance reports can also be automatically sent to clients on a recurring basis, showcasing ongoing risk reduction and the value of security awareness training.

Custom Course Library: With uLearn’s intuitive drag-and-drop course builder, you can easily create custom courses tailored to the specific challenges of your clients' industries, businesses, or regions.

Localization: usecure’s Course Library is available in multiple languages, including engaging and bite-sized videos, to cater to diverse user needs.

Reporting: Access and share both high-level and detailed reporting metrics that provide key insights into how uLearn is impacting your clients’ human risk. Export reports that outline ongoing training adoption and performance analytics, helping clients demonstrate their compliance efforts during audits.

Many security awareness training solutions focus on the sheer number of courses they offer, competing to provide the most extensive libraries in various styles. This approach burdens MSPs with the time-consuming task of selecting relevant courses for their clients, often resulting in a one-size-fits-all training program. uLearn takes a more risk-targeted and personalized approach to security awareness training, eliminating the traditional administrative burden of creating, deploying, and managing awareness programs. Through the AutoEnrol gap analysis questionnaire, each user’s cybersecurity knowledge gaps are assessed, leading to a personalized training program that prioritizes courses to address their weakest areas first.

AutoPhish: Enable ongoing and periodic phishing simulations across your clients, assessing user risk to a variety of attack techniques. These ready-made and automated simulations ensure continuous monitoring and reduction of phishing risks, eliminating the need for repetitive campaign setup.

Ready-Made Template Library: uPhish includes a pre-loaded library of phishing templates that cover a range of real-world techniques, from impersonating trusted services like Microsoft to mimicking internal HR and finance teams. Our templates are localized in multiple languages and updated monthly, allowing you to assess user risk against new and evolving phishing threats.

Build Custom Templates: Create targeted spear-phishing emails tailored to your clients’ industries or regions using an intuitive drag-and-drop builder. Easily assess risk to emerging threats, such as QR code phishing.

In-Line Training: Automatically enroll compromised users in follow-up training that explains their mistakes and teaches them how to recognize future attacks. This approach helps to quickly reduce high-risk areas before they can be exploited.

Reporting: Track simulation performance over time and customize reports by dates, departments, and roles. This helps you understand how phishing awareness is evolving and identify which areas of your client’s business need more attention.

uPhish distinguishes itself in the simulated phishing market with its automated ongoing simulations through AutoPhish, eliminating repetitive setup and ensuring continuous risk monitoring. Its extensive, regularly updated library of localized templates covers a wide range of real-world attack techniques. Additionally, the intuitive drag-and-drop builder enables the creation of highly targeted spear-phishing emails. The platform’s automatic enrollment of compromised users into immediate follow-up training swiftly addresses vulnerabilities, enhancing overall security awareness.

Monitor Compromised Accounts: Continuous scanning identifies when a user’s business email account has been involved in a data breach. This enables MSPs to detect early-stage threats and provide high-level risk data to both existing and prospective clients.

Types of Exposed Data: Access information on the types of sensitive user data exposed on the dark web, including passwords and personally identifiable information (PII).

Breach Source: Identify the third-party breach responsible for exposing the user’s account on the dark web.

Significantly Larger Breach Database: Broader coverage of breach sources enables MSPs to enhance client protection with increased visibility into exposed data.

Domain-Level Monitoring: This feature ensures that all email accounts under a given domain are monitored, not just individual accounts, thereby expanding protection and reducing the likelihood of new users being exposed.

Instant Breach Alerts: MSPs can activate immediate breach notifications for affected end-users and specific admins (e.g., Department Managers). These instant alerts enable clients to address data risks promptly, preventing potential attacks.

Free Domain Breach Scans: MSPs can provide actionable domain scan reports to both existing and prospective clients, demonstrating real-time dark web risks. This helps service providers highlight the need for their security offerings by showcasing potential vulnerabilities and how they can lead to larger breaches.

Many dark web monitoring solutions offer limited breach coverage, often relying on third-party integrations like HaveIBeenPwned. They may have outdated breach information and lack intuitive features such as instant user alerts. In contrast, uBreach Pro monitors a significantly higher number of breach sources than many other tools, with continuously updated breach data for comprehensive and up-to-date protection.

Centralized Policy Library: Effortlessly upload, locate, and update documents in a single library, eliminating confusion about where to find client policies. Choose from ready-made policy templates or create custom documents tailored to your clients.

Version Control: Track the version status of each policy to ensure clients and users have signed the most up-to-date versions.

Automatic Approval Requests: Automatically notify end-users when a new or updated policy is ready for signing, ensuring all users are aware of and acknowledge any security processes.

Audit Export: Export comprehensive policy reports to demonstrate compliance efforts during audits.

How uPolicy stands out in the market:

As part of usecure’s core Human Risk Management platform, uPolicy is often perceived as an unexpected value-add to MSPs, and is a great asset for differentiating our general product offering. Many competitors within our market don’t offer a policy-related solution, which gives usecure a competitive edge, and the MSP a chance to furth bundle/tier usecure within their service offering.

Real-World Use and Customer Solutions: Associate customer problems with vendor's best practices and products that solve them, with examples from case studies.

Case Study – Mentor Group: Mentor Group needed to become ISO/IEC 27001 accredited and maintain the trust of their clients. One of the requirements of ISO/IEC 27001 is that all staff receive regular information security training relevant to their job roles and the data they have access to. Mentor Group needed a solution with insightful reporting that would clearly demonstrate compliance whilst truly improving security behaviour.

Case Study – GBH: GBH faced the challenge of efficiently training a diverse, international client base in cybersecurity without heavy administrative burden. They needed a scalable, streamlined solution to manage human risk and ensure compliance across multiple regions, aligning with local regulations.

Case Study – Ascend: Ascend faced the challenge of protecting its expanding client base from cyber threats, recognising the risks human error posed to IT systems, and the potential severe repercussions of data breaches. Finding an effective and scalable solution to bolster human risk management became paramount to maintain their commitment to doing the right thing in the IT sector.

Case Study – IT Visionaren: IT Visionaren needed to effectively train numerous end users in cybersecurity without overburdening their small team with administration. The rise of flexible working introduced significant cyber risks demanding a scalable solution to educate users and strengthen their clients' cybersecurity posture efficiently.

Add users/integrations – MSPs can quickly set up an integration with Microsoft 365 or Google Workspace, to easily sync their clients’ users with the usecure platform. Running through this first is often a good starting point during an MSP demo, as it allows us to showcase how simple it is to set up and deploy usecure.

uLearn/AutoEnrol – AutoEnrol is one of the key USPs of usecure, so explaining how this works to the MSP is crucial. Running through how the initial gap analysis works will allow the MSP to understand the admin-lite and automated training process of usecure.

uPhish/how to create a simulation – After uLearn, uPhish is often the second key driver for MSPs. Showing the MSP how quick and easy it is to create, deploy and measure a uPhish simulation. Also, explaining usecure’s allow-listing requirements should help reduce support later down the line.

Configuration and white-labelling: Another key benefit of usecure is how easy it is for MSPs to configure and brand the usecure platform. Here’s a quick Product Academy video to explain how this works.

Tailoring the Demonstration: How can the demo be customized to reflect the audience’s unique interests and address their specific concerns?

Emails are being caught in Microsoft 365 quarantine

Outlook is blocking content in emails and displaying a Safe Senders warning

Phishing simulation delivery issues to M365

Troubleshooting Step by Step: Can you provide a step-by-step troubleshooting guide, possibly with flowcharts or decision trees, to diagnose and resolve typical technical problems? Or videos?

How to allow-list in Microsoft 365

How to prevent your emails from being caught in Microsoft 365 quarantine

How to create a phishing simulation

How to prevent Outlook from blocking content in your emails and displaying a Safe Senders warning

How to ensure phishing simulation delivery to M365 inboxes with Microsoft Advanced Delivery

How to set up Microsoft 365 synchronisation

How to deploy and update the Phish Alert Button

Knowledge Base

The information is publicly facing. We grant permission to republish the materials.

Identifying Industry Challenges: What challenges and opportunities are currently present in the vendor’s industry that they are attempting to address?

Exploring Solutions: How does the vendor’s solution address the identified industry challenges and opportunities?

Introduction to Product Family: Which products does the vendor offer to navigate or capitalize on these industry conditions?

Features and Benefits: What are the key features and benefits of the vendor’s product lineup?

Market Landscape: Why is this vendor’s solution particularly relevant in the industry’s current climate?

Unique Value Proposition: What is the vendor’s core message, and what distinguishes the vendor’s solution from others in the market?

Pain Points and Best Practices: What common issues do customers in the vendor’s industry face, and how are they addressed by the vendor’s best practices?

Product Integration: What strategies can be used to integrate this product into an existing solutions stack and how can it create synergies with other solutions?

Understanding the Cost of Inaction: What are the risks and potential consequences for customers who delay or do not adopt adequate solutions?