Cyber Attitudes Assessment (CAA)

Cyber Attitudes Assessment (CAA)

By having your team complete the CAA assessment you will be able to:

-Precisely identify the specific behaviours that can expose your team members to different cyber attacks and behaviours that strengthen your defences
-A heat map of your team with a view to risk exposure along the 6 different risk domains measured
-Detailed description for each individual of their specific cyber security exposure mappded to their personality profiles
-Individually mapped mitigation plans that allow instant changes to be made with regards to reducing potential cyber security exposure
-A relative measure of how your team’s exposure compares to an average team’s exposure with a view to make decisions for investing in improving your defences in a more informed way, counteracting the weaknesses and building on the strengths of your team

The CAA report is designed to improve not only staff’s security awareness, but also self-awareness by highlighting tendencies the participants who may be unaware of and also provide insight to the implications and mitigation opportunities of these potential blind spots from the cybersecurity context.
The CAA explores the relative strengths and gaps in employees behaviours and offers personalised mitigation opportunities to minimise the exposure to cyber risk. The immediate result of the assessment is an instant change in the attitude of participants shifting towards demonstrating safer behaviours after having taken the test and having understood their exposure and mitigation opportunities.

An individual/narrative report is generated for each employee where the specific strengths and mitigation areas are highlighted with bespoke mitigation plans from a cyber security perspective. The CAA results will not be transferable to another organisational context. When delivered for an entire organization/team, a leadership report is generated that captures a team heatmap and enables targeted investment in mitigation such as a focused training plans, purchasing additional technical solutions that keep a strong line of cyber security defences.


The CAA takes 30 minutes to complete excluding the instructions and instruction trial questions. The test consists of 150 questions and is available in international, non-idiomatic English. Reports are anonymised and ID based. To fill out a test administrative details of participants need to be shared. Reports are generated automatically and transferred in an encrypted format to the participant or to their team leaders.  

Recommended use

The test is recommended to be used by all staff, as part of a general user awareness training effort, but can also be used in a cyber incident response management or in a broader, supply chain context to improve teamwork and with a view to bridge capability gaps and put in additional protective measures. For recruitment purposes the CAA can add extra value to improve the existing team’s skills balance or to form a basis of an effective cyber on-boarding programme.