Three places we differ. Three things to say.
Signal
Their Security Culture is a 10-question survey of self-reported feelings. Moxso's HRI captures three live signals: what people actually do, what threats are targeting your industry right now, and who each person is in the organisation.
Cadence
Their phishing runs 4x/year, manually crafted. Courses every 2 months. Ours is continuous signal.
Persona
Their ICP is the SMB IT generalist. Ours is the board-accountable Security Leader.
Impact
Survey averages show how people feel about security. HRI shows whether human risk is actually going up or down.
Impact
Quarterly cycles produce quarterly evidence. Risk happens between campaigns, courses, and surveys.
Impact
Programme delivery answers SMB ops. Risk trajectory answers board governance.
Say
Self-report tells you what people think. HRI tells you what people do — and which direction risk is moving.
Ask
What happens to risk profiles between scheduled phishing campaigns and bi-monthly courses?
Ask
Is your priority a programme run for you, or a clear view of whether risk is going down before the next quarterly review?