The Visibility Gap: Why IT Leaders Cannot See Human Security Risk (And What to Do About It)
The biggest threat to your organization is not malware — it is employee behaviors you cannot see. Here is why the industry has a visibility gap, and how to close it.
The security industry has spent two decades training employees. Billions have been invested in Security Awareness Training programs, phishing simulations, awareness campaigns, and compliance modules. Every year, the programs get more sophisticated. Every year, the content gets better. Every year, the budgets grow.
Every year, human error remains the dominant factor in security breaches.
This is not because training does not work. It is not because employees are careless. It is because the entire industry has been measuring the wrong thing. We have been measuring whether people complete training. We have not been measuring whether people change their behavior.
That gap — between what employees are actually doing and what IT leaders can see — is the visibility gap. It is the root problem that no amount of training investment can solve on its own.
What the Visibility Gap Actually Is
The visibility gap is not a lack of data. It is a lack of translation.
Microsoft 365 environments capture vast amounts of behavioral signal every day: how employees handle email, how they authenticate, what they share, who they share it with, and whether they follow established policies or work around them. The data is there, scattered across admin portals such as the Microsoft 365 admin center, Entra ID, Defender, and others.
None of these portals were built to answer the question IT leaders actually need answered: how are our people behaving, and is it changing?
Meanwhile, SAT platforms add another layer of metrics — completion rates, phishing click rates, quiz scores — that measure training activity, not behavioral outcomes. An IT leader reviewing these numbers knows that 94% of employees completed their annual training. They do not know whether a single person handles sensitive data differently as a result.
The philosophical problem underneath all of this is straightforward: you should not be held accountable for something you cannot see. IT leaders are expected to manage human security risk without visibility into human security behavior. They are given activity metrics and asked to draw behavioral conclusions. That is not a measurement system. It is a guessing game with professional consequences.
What the Visibility Gap Costs You
The costs are both practical and strategic, and they compound over time.
Time. Without a consolidated view of employee behavior, IT leaders spend hours each week pulling data from multiple portals, assembling spreadsheets, and building reports manually. In our experience, this easily amounts to 6 to 10 hours per month for a typical IT manager — hours spent on data gathering that could be spent on actual security improvement.
Accuracy. Reports built from manually queried data across multiple sources are inherently fragile. Numbers get transposed. Time windows do not align. The picture presented to stakeholders may not reflect reality, and the IT leader often knows it — yet has no better alternative.
Credibility. Stakeholders receiving reports they do not fully understand or trust gradually disengage. The board stops asking about security. The CFO starts treating security spend as an unavoidable cost rather than a measurable investment. The IT leader loses influence over the decisions that determine whether the organization is actually protected.
Wasted investment. Without behavioral evidence, there is no way to know which security investments are producing results and which are not. Contracts get renewed based on vendor reports and gut feeling rather than observed outcomes. Training programs that produce no measurable behavioral change continue running year after year. Tools that do produce change receive no more budget than tools that do not.
Data decay. This one is technical, factual, and often overlooked. Microsoft retains behavioral data for a limited period — typically 90 to 160 days depending on the customer’s plan. Every week that passes is a week of behavioral history that ages out permanently. Organizations that do not capture this data lose it forever, and the historic baselines they could have built become progressively thinner. This is not manufactured urgency. It is a constraint of the data source itself.
Closing the Gap: See, Track, Communicate, Prove
Closing the visibility gap requires four distinct capabilities, each building on the previous. Individually, each one is useful. Together, they form a complete measurement loop that the industry has been missing.
See: Know What Is Happening Now
The first step is basic visibility. You need a consolidated view of human security behaviors across your entire organization — not activity metrics, not training completion rates, but actual behavioral data showing what employees are doing day to day.
This is what Employee Pulse provides. It pulls behavioral data from your Microsoft 365 environment and translates it into a single readable dashboard. You can drill down from the organization level to department to individual employee. It is populated with your own historic data within 15 minutes of setup — not a demo, not sample data, your actual environment.

Employee Pulse answers the most fundamental question: what are our people doing right now?
Track: Know If You Are Improving
Visibility without context is just a snapshot. To know whether your organization is moving in the right direction, you need internal baselines — measurements of your own behavior over time, not comparisons against external benchmarks that have nothing to do with your organization.
Risk Bearing builds rolling baselines at four organizational levels (user, team, department, organization) across four timeframes (7-day, 30-day, quarterly, annual). These baselines start on day one from historic Microsoft data. They update daily. Previous baselines are preserved, creating a history of how your direction of travel changes over time.

Risk Bearing answers the follow-up question: are things getting better or worse?
Communicate: Report in Stakeholder Language
Data that stays in a dashboard does not change organizational decisions. To influence how leadership thinks about security investment, the data needs to reach the right people in the right format and the right language.
Stakeholder Brief auto-generates reports adapted to different audiences. Business language for the board. Operational detail for the IT team. Compliance-formatted documentation for auditors. All from the same underlying data. All delivered on schedule without the IT leader spending a single hour on report preparation.

Stakeholder Brief answers the communication question: how do we make this data useful to people who do not speak our language?
Prove: Evidence That Interventions Work
The final piece of the loop. Once you can see behaviors, track trends, and communicate them to stakeholders, the natural question becomes: are the things we are investing in actually producing results?
Impact Proof closes the loop by tracking behavioral data around tagged interventions — training programs, policy changes, tool deployments — and automatically generating before, during, and after comparisons. It shows immediate impact, short-term retention, and long-term behavioral change.

Impact Proof answers the question that no other tool in the market currently addresses: did it work?
Why This Is Not Another HRM Platform
It is worth being explicit about what Praxis Navigator is and what it is not.
Praxis Navigator is a measurement layer. It does not deliver training. It does not run phishing simulations. It does not provide awareness content. It measures whether those things — whatever tools and programs you are already using — actually change how people behave.
This is a fundamentally different value proposition from Human Risk Management platforms, which are largely SAT platforms with rebranded positioning. The HRM market has grown by adding features — more training content, more simulation types, more compliance modules. Praxis Navigator operates in a different category entirely. It provides the behavioral evidence that tells you whether all of those features are producing results.
The practical implication: Praxis Navigator does not compete with your existing investments. It validates them. If your SAT program is producing genuine behavioral change, Impact Proof will show that clearly. If it is not, you will know that too. Either way, you move from gut feeling to evidence.
The team behind Praxis Navigator was built for this specific problem. I created the Security Culture Framework — now adopted by ENISA as a standard for measuring security culture across Europe. Dr. Thea Mannix, our Director of Research, brings a neuroscience perspective to understanding how people process security decisions. We spent years in the training industry measuring what the industry measures. We built Praxis Navigator to measure what actually matters.
From Guessing to Knowing
The transformation, when you step back and look at it, is straightforward:
Before: Hoping people are secure. Spending hours pulling data manually. Reporting activity metrics that do not prove behavior change. Guessing whether security investments are working. Defending budget decisions with vendor reports rather than evidence. Using generic industry benchmarks that have no relevance to your organization.
After: Knowing where the risks are. Seeing automated insights without manual effort. Tracking behavioral evidence of actual change over time. Proving what works with before-and-after data. Earning stakeholder trust with reports they can actually understand. Comparing against your own rolling baselines.
The emotional shift is equally significant. The Progressive IT Leader moves from feeling frustrated, stuck, and uncertain to feeling competent, informed, and in control. They move from reactive data gathering to strategic decision-making. They move from hoping their security investments work to proving which ones do.
That shift — from guessing to knowing — is what closing the visibility gap looks like in practice.
Start Seeing What You Have Been Missing
If you have been following this series, you have seen how each capability builds on the previous: visibility, baselines, stakeholder communication, and proof. Together, they deliver the complete measurement loop that the industry has been promising without providing.
Praxis Navigator connects to your Microsoft 365 environment in 15 minutes. No sales calls. No demos. No procurement process. Available directly through the Microsoft Marketplace, designed so a single IT leader can get started without committee approval.
Within 15 minutes, you are looking at months of behavioral data you have never seen before. Your data. Your baselines. Your direction of travel.
The data has been there all along. It is time to see it.