Skip to main content

Human risk management

Phishing simulation and security awareness training that changes behavior

In short

Most breaches start with one click. Here is how a continuous program of realistic phishing simulations and short training lowers real risk, run on Claro.

Free consultationSee all solutions
Human risk and security awareness

Most successful attacks do not start with a clever exploit. They start with a person: a convincing email, a fake login page, a message that looks like it came from a manager or a bank. You cannot patch people the way you patch a server, but you can change how they react under pressure. The catch is that the way most companies try, a slide deck once a year, does almost nothing.

Why one-off training does not stick

People forget. A single session in January is a distant memory by March, and the lures that fooled nobody last year have already been rewritten. Worse, a one-off has no feedback loop: nobody finds out whether the training actually changed what people do when a real email lands. Behavior moves when three things are present: repetition, realistic practice, and progress people can see.

What an effective program looks like

A working program is a loop, not an event. You establish a baseline, train against the gaps, simulate real attacks, measure what changed, and coach the people and teams who need it, then go around again.

BaselineTrainSimulateMeasureCoach

Each turn of the loop makes the next simulation a little harder and the click rate a little lower. The goal is not a perfect score on a quiz. It is a workforce that pauses on the right emails and reports them quickly.

Claro, the platform we run it on

We run this program on Claro, our own platform built for Indonesian enterprises. The phishing simulations copy tactics actually used against organizations here, including regulator and bank impersonation and local tax-authority themes, so the practice feels real rather than generic. Training is delivered in Bahasa Indonesia, and every click, report, and lesson feeds a risk score you can see by department.

60-70%

lower phishing click rate over a 12-month program

28

training modules natively in Bahasa Indonesia

~3 mo

to measurable baseline improvement

Bahasa Indonesia modulesLocal-tactic simulationsDepartment risk scoresBoard-ready reportsRepeating campaigns

What you can measure

A program is only worth running if you can prove it worked. Claro tracks the phishing click rate, how quickly people report suspicious messages, training completion, and a risk score broken down by department, all over time. That gives you a board-ready picture of whether your human-layer risk is actually falling, not just a stack of completion certificates.

If you want to see what a program would look like for your workforce, that is the first conversation to have.

Frequently asked questions

Yes, when it is continuous rather than a one-off. A program that combines regular phishing simulations with short, relevant training changes how people react over time. Across our 12-month programs we target a 60 to 70 percent drop in the phishing click rate.

Related

Our services

SOC-as-a-Service24/7 security operations, run from JakartaPenetration TestingFind your security gaps before attackers doCompliance & GRC ConsultingMake sense of Indonesian and international regulationsDPO as a Service (DPOaaS)An outsourced Data Protection Officer for UU PDPIncident Response & Digital ForensicsFast containment and expert investigation when it matters mostCloud Security & DevSecOpsSecure your cloud and ship code with confidenceVulnerability AssessmentFind and prioritise security weaknesses across your environmentHuman Risk ManagementBuild a security-aware culture across your Indonesian workforce

Ready to strengthen your security posture?

Talk to our Jakarta-based team about your requirements.

Talk to our team

Jakarta-based team. We reply within one business day.