Cimpan
Andra

Cyber Risk Assessment Report

Boost Your Cyber Security: Assess Risks, Safeguard Your Business!
Overview

Get to know your risk

Paladin Cyber’s mission is to make it easy for organizations, especially those without large security teams, to holistically tackle their cyber risk by combining easy-to-implement protection with intelligent automation and expert support to reduce an organization’s cost of risk and mitigate their exposure.


The first step in making companies more secure is always making them understand their company's risk. This case study presents a tool that aims to present to the user the possible dangers that their company is vulnerable to and make them understand how to protect themselves better against them.

Client

Paladin Cyber

Impact

🧘‍♀️ Medium

Role

UX Designer

-01 INTRO

My role


This is a project that I worked on in 2019. I led the design process of this project from the initial kick-off to the final deliverables.


For this project, I collaborated with the rest of the product team and with the main stakeholders, having weekly reviews of the progress. After the design had been finalised, I supported the engineering team during the implementation.

-02 PRODUCT THINKING

How aware are you of the dangers of cybersecurity threats?


Every type of small business, regardless of industry, needs to be aware of the dangers of cybersecurity threats. Cybercriminals are constantly modifying their techniques, which means it’s more important than ever to have a cybersecurity plan. The increase in employees working from home exposes vulnerabilities in many companies’ infrastructures. Here are some alarming stats:


  • 22% of small and medium-sized businesses have suffered a security breach due to a remote worker since March 2020.

  • 70% of small businesses experience cyber-attacks, and without a cybersecurity plan, they run the risk of going out of business.

  • 60% of small businesses that experience a data breach or cyber-attack close within 6 months.

-03 PRODUCT THINKING

Design process


Our team follows the Design Thinking methodology, an iterative process in which we seek to understand the user, challenge assumptions, and redefine problems in an attempt to identify alternative strategies and solutions that might not be instantly apparent with our initial level of understanding.


This is an iterative and non-linear process in which our purpose is to improve our products by analyzing how users interact with our products and to use that knowledge to try new concepts and ideas.



Step 1: Discover


User research and observation


  • What? Engage with or observe the target audience.

  • Why? The aim of this step is to paint a clear picture of what challenges our end users face, and what needs and expectations must be met.

  • How? To build user empathy, we draw inspiration from all the interactions we have with our users, such as support discussions, analytics, and mouse flows.

Requirements business team


  • What? Get an understanding of the target audience.

  • Why? The aim of this step is to paint a clear picture of what challenges our end users face, and what needs and expectations must be met.

  • How? To develop the right solution for the problems, we get a list of requirements and study the competitors.


Step 2: Discover


Key findings


  • What? Based on what was learned in the discover/empathise phase, the next step is to define a clear problem statement.

  • Why? The problem statement sets out the specific challenge the team will address. It will guide the entire design process from here on out, giving the team a fixed goal to focus on and helping to keep the user in mind at all times.

  • How? When framing the problem statement, the focus is on the user’s needs while still considering those of the business. A good problem statement is human-centered, broad enough for creativity, yet specific enough to provide guidance and direction.

Competitive analysis


  • What? What are the existing methods and tools that address these users' requirements?

  • Why? Why would a user choose your solution? What are the benefits, and what are the drawbacks?


Step 3: Ideate


Evaluate potential solutions


  • What? With a clear problem statement, the team gets together and discusses all the ideas and potential solutions.

  • Why? The ideation phase gives us the chance to tackle the problem together and cover all the angles of it. By doing this together, different opinions are brought to the table and all the benefits and downsides of a solution can be considered.

  • How? During dedicated ideation sessions (product review sessions or topic-specific meetings). In these meetings, we try to involve the engineering team when beneficial, to get an idea if it is feasible from the implementation perspective and what the required effort would be.


Step 4: Prototype


Build flow diagram


  • What? The user flow is a visual representation of all the various interactions the user can have with our product, the steps they take to complete a task or achieve a goal.

  • Why? Creating a flow diagram helps us to:
      • Communicate more easily what the user flow should be.
      • Make sure that no important steps of the process are missed.
      • Make decisions and changes at a low fidelity before a lot of time is invested in design.
      • Get feedback from the team.

  • How? The tools used to create the flow diagram are Figma or Miro.

Build high-fidelity prototypes


  • What? The design team will now produce several versions of the designs/prototypes so that together we can investigate the problem solutions generated in the previous stage. This is an experimental phase, and the aim is to discover the best possible solution for each of the problems identified during the first three stages. The solutions are implemented within the prototypes, and, one by one, they are investigated and either accepted, improved and re-examined or rejected based on the users’ experiences. By the end of this stage, the design team will have a better idea of the constraints inherent to the product and the issues that are present, and have a clearer view of how real users would behave, think, and feel when interacting with the end product.

  • How? The tool used to create the high-fidelity prototypes is Sketch. The designs are stored and shared with the rest of the team using Abstract.


Step 5: Deliver


Developer handoff


  • What? The design handoff is the point in the product development process where developers implement the finished design. Due to the remote nature of our organization, good designer-developer collaboration is vital. To have a successful handoff with little friction (clear explanations of what the product team expects in terms of implementation of the designs), we developed a standard process that is followed by all team members. The process is reviewed and improved constantly, based on the received feedback.

  • How? The design team will prepare short documentation in the form of tickets for the developers, which will consist of specs, flows, and any additional details in addition to the Abstract files. From the Abstract collection that covers a certain feature/functionality, the developers can inspect the design, export the resources, get the code snippets and have access to the latest files at any time.


Step 6: Test


Usability testing


  • What? The primary goal of the usability test is to understand how future users will perform actions in the product and shine a light on the areas that can be improved. We want to expose potential problems and assess the severity of the issues found, identify the pain points that the users might have and the places where they might struggle to accomplish their tasks.

  • Why? The testing phase enables the team to see where the design works well and where it needs improving. Based on user feedback, we can iterate and make changes and improvements to our solution so that the product is easy and enjoyable to use.

  • How? The technique that we use is a moderated, online usability study. Usability testing is a task-based activity, so tasks have to be created based on product functionality. To do that, we have to identify the most crucial user journeys and make the participant “walk through them”. Before we start with the usability test, we can form some hypotheses that can be proven right or wrong during the test.

  • Both the screen and the audio will be recorded to have all the information available for analysis. During the evaluation, the users are asked to think aloud, expressing all their concerns, expectations, thoughts, and feelings while they carry out the activity with the system. In this way, the evaluator can obtain valuable insights into how the users operate the system and what their strategy is for carrying out the tasks.

This is an iterative and non-linear process, which means that the design team continuously uses the results to review, question, and improve the initial assumptions, understandings and results.


Results from the final stage of the initial work process inform our understanding of the problem, help us determine the parameters of the problem, enable us to redefine the problem and provide us with new insights, so we can see any alternative solutions that might not have been available with our previous level of understanding.


-04 PROCESS

Raise awareness


Our motto is: “It is our company mission to help small businesses stay in business”.


Following this principle, the objective of this project is to make small business owners aware of the vulnerabilities and risks they are exposed to and of how our tools keep them protected. Having clients that are aware of this will drive sales of cyber insurance and will convince business owners to encourage the training provided by us.

-05 PRODUCT THINKING

What are we trying to achieve?


Convey actionable information in context

  • Put findings in context and provide all the necessary information so that the user can act based on the report. Include information on what’s at stake financially based on your current risk posture.

Keep key findings concise

  • Summarize critical findings and present an overall risk level.

Make the language clear for a non-technical audience

  • Avoid jargon and overly technical language for reports that are shown to executives and areas of the business outside of cybersecurity. Use a risk score to make key findings and recommendations easier to understand.

Relate findings to cyber risk

  • Risk-based reporting is the approach that’s best suited to reducing the organization's actual exposure to cyber threats. Following a risk-based approach can help everyone in the organization to focus on the most significant issues. Framing risk in business terms can help executives and leaders to understand the ramifications of the findings.

-06 PRODUCT THINKING

Competitors research


Performing a competitive analysis is one of the earliest research steps in the UX design process. This method provides strategic insights into the features, functions, flows, and feelings evoked by the design solutions of the competitors.


By understanding these facets of competitors’ products, we can strategically design our solution with the goal of making a superior product and/or experience. The outcomes of this research will help orient the team and the stakeholders to the competitive landscape and give us an idea of what user experiences are standard for the market that we are designing for.


-07 PRODUCT THINKING

Our solution: Risk assessment report


Users can easily get a free cyber risk report by providing minimal information. Based on their input, we will generate their personalized report in seconds.

This assessment evaluates cybersecurity risk using data-driven, objective, and publicly available metrics together with our proprietary claims data. The findings and recommendations in this report are intended to help proactively identify, quantify, and manage cybersecurity risk.


Summary


The user will start the report with an overview of the results and their criticality. The report goes into detail regarding all of these findings and explains what they are and how they can be solved.


Critical risks


We like to think of cybersecurity threats as being highly technical, difficult to perpetrate, and somehow beyond our understanding. In reality, cyber risk is mostly an operational or team management issue, rather than an IT problem.


The most common method of successful attack has always been through employee error.


In the report, we present the most common issues that are caused by untrained employees, and we explain in plain language how we can help them.


Call to action


One of the main goals of the project was to convince the small business owners of the risk that they are exposed to and convince them to act on it – buy cybersecurity insurance and use the tools provided by us to protect themselves against cybercriminals.


Because of that, throughout the report, for each section, a contextual call to action banner has been designed.



-07 THE END

Conclusions


What were the results of the report, you might wonder? Well, great! We gave this as a tool to the agents that were selling cyber insurance and we saw a major rise in the number of customers.


Before the report, a considerable number of people who were buying cyber insurance never used this platform, even though it was included for free in the package that they were buying. Now that they were introduced to us, we could see more active users on our platform. The step that followed was integrating this report into the product so that users have access to it at any given time.

