Human Vulnerability Scanner

The world’s first behavioural security engine built to measure real human risk. Using behavioural psychology and threat‑intelligence signals, it analyses how and why people behave — not just what they click — uncovering the hidden vulnerabilities traditional tools overlook.

What the Scanner Measures

Privci’s Human Vulnerability Scanner continuously analyses employee behaviour over a 30‑day period to build a comprehensive behavioural risk profile. It benchmarks users across nine high‑risk threat categories and maps findings to leading security frameworks such as NIST, ISO 27001, and CIS Controls.

Human Vulnerability Index (HVI)

4.2

A composite score measuring individual susceptibility to security threats based on behavioural analysis. Lower scores indicate stronger security posture.

Behavioural Archetype Classification

4 Types

Psychological and behavioural patterns that explain why risky habits occur, from Convenience-Seekers to Overconfident users.

Threat Exposure Index (TEI)

68%

Quantitative measure of organisational exposure to specific cybersecurity threats across nine high‑risk threat categories.

Organisational Human Risk Posture (OHRP)

Medium

Holistic measure combining individual susceptibility (HVI) with threat exposure (TEI) to determine overall human-centric risk.

APIR Framework

Privci’s scanner is powered by a structured, cyclical framework called APIR (Assess, Personalise, Intervene, Reassess), creating a continuous feedback loop that strengthens security behaviour over time.

Continuous Feedback Loop: 1. Assess, 2. Personalise, 3. Intervene, 4. Reassess

Assess

Continuous synthesis of data from user behaviour, internal policies, and threat intelligence to build dynamic behavioural profiles. The profiles are informed by the COM‑B model of behaviour change, which provides the foundational understanding of Capability, Opportunity, and Motivation.

Personalise

Advanced behavioural modelling segments users across individual and archetype layers, revealing not just what users do, but why. This dual-layer structure enables deeply personalised and context-aware risk assessment.

Intervene

Ten specialised AI‑enabled Intervention Agents deliver targeted, context‑aware guidance. Each agent uses behavioural‑science logic (including Capability, Opportunity, and Motivation) to influence habits and reinforce secure behaviour.

Reassess

Continuous evaluation of intervention impact using reinforcement learning. The system treats every user interaction as a learning signal, refining its strategy to determine which interventions are most effective for each behavioural profile.

COM-B Behaviour Model

The intervention agents are grounded in the COM‑B model of behaviour change, enabling a clear understanding of each user’s Capability, Opportunity, and Motivation—the three essential components of sustainable behavioural change.

Capability

The psychological and physical ability to perform a secure behaviour. This reflects whether an individual has the knowledge, skills, and competence required to act safely when needed.

  • Psychological capability: knowledge, comprehension, decision‑making
  • Physical capability: practical skills, task execution
  • Training interventions to build skills
  • Just-in-time guidance at point of action

Opportunity

All the external factors that make secure behaviour possible or prompt it. This includes the environment, systems, and organisational structures that influence how employees act.

  • Social opportunity: norms, peer influence, cultural cues
  • Physical opportunity: resources, prompts, workflow triggers
  • Privacy enforcement mechanisms
  • Personal data management controls

Motivation

The internal processes that energise and direct behaviour — from deliberate choices to automatic habits. This determines what drives, reinforces, or undermines secure actions.

  • Reflective motivation: reasoning, evaluation, planning
  • Automatic motivation: habits, impulses, emotional responses
  • Incentives and rewards
  • Social comparison and competition
  • Behavioural nudges and reinforcement

Privci Engines

Our comprehensive platform combines five specialised engines to address the full spectrum of human risk, creating a continuous layered defence system.

Awareness Engine

Multi-layered training experience designed for modern workforces with diverse needs and behavioural patterns.

Instead of relying on one‑size‑fits‑all annual training, Privci provides continuous, contextual, and adaptive learning across three core training streams.

Training Streams:

  • Baseline Training: Continuous foundation with real-time, gamified prompts at policy violation moments
  • CyberSkills Training: Trophy-driven curriculum with compliance-aligned modules and advanced threat-resilience topics
  • Policy Training: Gamified experience centred on the Policy Champion Award, transforming policies into immersive learning

ROI:

Meets mandatory training requirements, reduces repeat violations by 67%, cuts training costs by 45%, and strengthens security culture with measurable behavioural change.

Change Engine

Transforms behavioural data into targeted interventions using the COM‑B model for sustainable change.

While the Awareness Engine delivers training and behavioural data, the Change Engine transforms that data into targeted behavioural interventions addressing root causes of risky habits.

Core Components:

  • Direct Intervention: Ten specialised behavioural agents targeting specific risky habits
  • Security Chronicles: 49-day personalised storyline with real-world behaviours as in-game traits
  • Topic of the Week: Weekly, threat-focused micro-lesson with quizzes and real-world breach references
  • Behaviour Insights: Threat-focused dashboard analysing susceptibility to nine top end-user threats
  • Threat Insights: Visualises potential attack scenarios and likely attacker routes

Phish Aware

Dedicated phishing‑resilience module combining automated simulations with gamified skill‑building.

Phish Aware goes beyond traditional phishing campaigns by combining Phish Tests with the more advanced Phish Challenge, offering a deeper, more accurate assessment of user strengths and weaknesses.

Key Features:

  • Phish Direct: Automated simulations with 800+ templates and custom mode
  • Live Template Suggestions: Sourced from real breach reports and current threat intelligence
  • Microsoft Direct Email Injection and integration with Google Workspace & Microsoft Azure AD
  • Phish Challenge: Gamified, inbox-style simulation with Gmail-style and Outlook-style interfaces
  • Leaderboard & Badges: Phish Master, Most Improved, Consistent Performer, Perfect Score
  • Department‑level Comparisons: Highlight team‑based strengths and weaknesses

Business Watch

Digital footprint analysis and real‑time enforcement to prevent data loss and monitor exposure.

Business Watch focuses on each user's digital footprint and online exposure, providing a critical assessment layer that feeds into both the Behaviour Change Engine and the Human Vulnerability Scanner.

Core Capabilities:

  • Exposure Scan: Shadow Watch for Shadow IT risks and Breach Watch for monitoring compromised services
  • Data Guard: Real-time enforcement with 35 built-in alert use cases, data geofencing, and browser-based DLP
  • Dark Web Search: Continuous scanning for leaked corporate credentials and exposed emails
  • Monthly "lessons learned" summaries and breach cause insights
  • Domain public data breach monitoring for employee-used websites

Policy Keeper

Transform your internal security policies into actionable guidance and measurable compliance.

Privci's policy-driven design is rooted in a simple principle: help organisations reduce cost, effort, and administrative overhead by making the most of their internal security policies.

Key Features:

  • Policy-Aligned Training: Uses existing cybersecurity policies as foundation for employee training resources
  • 120+ Customisable Templates: For organisations without mature policy libraries
  • Centralised Policy Hub: Upload, manage, and distribute security policies
  • Smart Q&A Tool: Built-in assistant for policy questions
  • Audit-Ready Evidence: For SOC 2, ISO 27001, GDPR compliance

Simple, Scalable Pricing

Behaviour‑Driven Human Risk Management for Every Organisation. Start with a free 30-day Human Vulnerability Scan.

Billing options: Monthly Billing or Annual Billing (Save 17%)

Foundation

£4 /user/month

Perfect for small teams beginning their human‑risk journey.

  • Human Vulnerability Scanner
  • Awareness Engine (Baseline Training, CyberSkills, Policy Training)
  • Change Engine (Behaviour Engine, Behaviour Insights)
  • Phish Direct (800+ templates, Live Template Suggestions)
  • Phish Challenge
  • Microsoft Direct Email Injection
  • Google Workspace & Azure AD Integration
  • Policy Keeper (always free)
  • Business Watch
No credit card required. Cancel anytime.

Enterprise

Custom Pricing

For large organisations with advanced security, compliance, and integration needs.

  • Everything in Advanced, plus:
  • Unlimited Data Guard real‑time enforcement
  • Custom Geofencing & DLP rules
  • Custom Use Cases
  • Dedicated Customer Success Manager
  • Custom Reporting & SIEM Integration
  • Multi‑department Segmentation
  • On‑premise or Hybrid Deployment
  • Platform Whitelabelling