In 2026, five organizations working with Hoxhunt were recognized with the prestigious CSO Award—an honor reserved for those who are not only advancing cybersecurity within their own walls, but reshaping how the discipline is practiced more broadly with excellence in leadership, innovation, and results.

At first glance, these programs appear to have little in common. They operate in different industries, shaped by different risks, and had different ambitions and approaches. Each reflects a distinct philosophy of how to engage people, reduce risk, measure success, and build resilience.

But taken together, they tell a richer story of security awareness, behavior and culture change, and human risk management:

• Uber pioneered a signal-driven Human Risk Management model, replacing static training with real-time, behavior-based nudges and interventions
• Monster Energy transformed cybersecurity into a competitive, cultural force—making participation visible, engaging, and aspirational
• Docusign extended protection beyond employees to users, turning human vigilance into a mechanism for defending customers, protecting their brand, and preserving trust
• LyondellBasell focused on the highest-risk individuals, demonstrating that even persistent vulnerabilities can be reshaped through adaptive learning
• Copart refreshed their awareness program leadership & management, and reimagined the entire program as an automated, intuitive system—making cybersecurity a daily instinct across a global workforce

Their goals and execution differed. The capabilities they leaned on—whether behavioral signals, gamified organizational incentives, reporting ecosystems, adaptive training, or automation—varied significantly.

This diversity is essential to understanding the future of cybersecurity. Securing the human element has traditionally been defined by uniformity: standardized training and cookie-cutter programs in service to compliance.

But these award-winning programs demonstrate the opposite. Effective Human Risk Management is a living, breathing system that can be customized at scale to comprehend context, and to deliver targeted interventions to the people it serves.

Good human risk management enables effective third party risk management, too.

In cybersecurity, no organization operates in isolation. Every employee, every system, every supplier forms part of a larger, interconnected chain. A compromised account in one company can ripple outward through vendors, partners, and customers. Conversely, when one organization strengthens its defenses—especially at the human layer—it contributes to the resilience of everything around it.

Seen this way, the achievements of these five organizations extend beyond their own environments. Each represents not only an internal transformation, but the strengthening of our shared digital ecosystem.

Across all five programs, Hoxhunt played a role not simply as a technology provider, but as a collaborator—helping translate vision into results, and enabling each organization to build something uniquely suited to its needs. We are proud to have supported these efforts, and even prouder to see them recognized for their innovation, leadership, and measurable impact.

‍

🚗 Uber

“Beyond the Checkbox”: Signal-Driven Human Risk Management

Executive Summary

Uber reimagined security awareness entirely, replacing the static, compliance-driven training model with a dynamic Human Risk Management system powered by real security signals. Using telemetry from across their environment, they delivered just-in-time microtraining and adaptive phishing simulations to ~25,000 employees—transforming awareness into an always-on behavioral system.

Collaboration with Hoxhunt

Uber didn’t want another phishing platform; they needed to build and implement a new model for reducing human cyber-risk. Working closely with Hoxhunt, they connected behavioral signals to targeted interventions, built microtraining workflows, and leveraged AI-driven content creation to scale personalization. This collaboration helped shape both Uber’s program and the evolution of Hoxhunt’s HRM capabilities.

Results

• Training completion increased significantly (~60% → ~90%)
• Highly targeted interventions replaced broad campaigns
• A two-person team scaled impact across 25,000 employees
• Human risk became measurable, trackable, and actively managed

Conclusion

Uber proved that it pays to be bold: by co-creating a new model of human risk management, they achieved far superior results than the SAT model is capable of, and with no added administrative burden or financial cost.

“By using a platform like Hoxhunt alongside our telemetry and AI systems, we have a much better picture of what people actually need—versus what we think they need—and that’s what allows us to target behavior and drive real change.” –Jason Haper, Head of Security Diligence, Analytics, Vendor Risk, and Awareness

⚡ Monster Energy

“Get S$!t Done, Right”: Turning Cybersecurity into a Competitive Advantage

Executive Summary

Monster Energy transformed cybersecurity into a cultural movement by aligning it with their core identity: competition. Through gamification, leaderboards, and the Cyber Mindset Championship Belt, they embedded security into daily behavior—making it visible, engaging, and aspirational.

Collaboration with Hoxhunt

Monster needed more than functionality—they needed cultural fit. Hoxhunt provided a gamified, flexible platform that could be shaped into something uniquely “Monster.” Together, the teams rapidly launched campaigns, experimented with incentives, and built a program that matched the company’s high-energy, competitive DNA.

Results

• Failure rates dropped 4x, from ~16–18% to ~4%
• Security incidents reduced dramatically by 91%, (from 5 daily to 3 weekly)
• Engagement surged through gamification and competition
• Cybersecurity became a company-wide conversation

Conclusion

Monster didn’t just train employees—they made cybersecurity part of who they are.

“Get S$!t Done is a great concept. Get S$!t Done Right is even better. Hoxhunt helped us make our cyber culture world class, while staying true to our Monster DNA.” — John Strait, SVP of Global Information Technology Infrastructure

✍️ Docusign

"Extending Trust Beyond the Enterprise

Executive Summary

Docusign expanded its security program beyond employees to protect customers and brand trust. By operationalizing user-reported threats and launching a dedicated verification channel (e.g., [email protected]), they created a scalable system for identifying and mitigating impersonation attacks.

Collaboration with Hoxhunt

Hoxhunt enabled Docusign to unify internal reporting behavior with external threat intelligence. By strengthening reporting culture and leveraging AI-assisted analysis, the program turned user vigilance into a powerful detection layer—bridging internal security and customer protection.

Results

• Faster identification and response to impersonation campaigns
• Increased reporting rates from both employees and customers
• Strengthened trust in the Docusign platform
• Security became a customer-facing value driver

Conclusion

Building out from the principles and practices established by their internal resilience program--in which employees become active cyber threat sensors and hunters--Docusign turned human vigilance at the global consumer level into a competitive trust advantage.

🏭 LyondellBasell

“Turning repeat clickers into resilient defenders while transforming enterprise-wide security culture”

Executive Summary

LyondellBasell tackled one of the most persistent challenges in cybersecurity: repeat clickers. Using adaptive, multilingual training and targeted simulations, they focused on high-risk individuals and transformed them into resilient users.

Collaboration with Hoxhunt

Hoxhunt’s adaptive learning model allowed LyondellBasell to personalize training at scale—delivering the right difficulty, language, and content to each user. Together, they broke through performance plateaus by focusing on behavior, not just participation.

Results

• Repeat failure rates nearly eliminated within two quarters
• Reporting increased more than 6-fold
• Global workforce engagement improved significantly
• Security team efficiency increased through automation

Conclusion

LyondellBasell proved that even the highest-risk users can improve—with the right approach.

“We consider people failing multiple simulations over time to be a high risk in our program. With Hoxhunt, that pattern basically disappeared… The difference was how fast people learned from their mistakes, once failure became a learning moment instead of a repeat behavior.” — Joy Wangdi, Cybersecurity Trust Officer, LyondellBasell

🚘 Copart

"Making Security as Instinctual as Seatbelts"

Executive Summary

Copart transformed a manual, compliance-heavy program into an automated, behavior-driven system that made cybersecurity as instinctual as fastening your seatbelt. With a diverse global workforce, they focused on making cybersecurity intuitive, engaging, and relevant to every role.

Collaboration with Hoxhunt

Hoxhunt removed the heavy operational burden of campaign creation, data analysis, and reporting—freeing the team to focus on strategy and culture. The partnership also enabled deep customization, rapid feature iteration, and a program aligned with Copart’s creative, engagement-first approach.

Results

• Reporting rates doubled, reflecting increased engagement
• Massive increase in simulation volume and diversity
• Significant reduction in manual workload (previously 80–90% of effort)
• Executive visibility improved through real-time dashboards

Conclusion

Copart didn’t just improve training—they transformed their culture and made cybersecurity second nature.

“At Copart, cybersecurity is basically becoming as instinctual as wearing seat belts with the sole help of Hoxhunt. It’s a win-win for us because we’re not having to do anything on the back end, and our employees are getting trained even better on threats they could actually be seeing.” –Brittany Little, Cybersecurity Manager, Global Training & Awareness

🎯 Final Thoughts

What makes these five programs remarkable is not that they achieved their goals for engagement and measurable risk reduction without following a shared blueprint.

Each organization approached human risk from a different angle, shaped by its own culture, constraints, and ambitions. Some leaned into real-time signals and automation, others into gamification and culture, others into trust, visibility, or targeted behavioral change. There is no single pattern that defines success here—only a shared commitment to rethinking what is possible when people are treated not as liabilities, but as active participants in defense.

And yet, for all their differences, these programs converge on a common truth: that meaningful progress in cybersecurity happens not in isolation, but in connection. The systems we defend are intertwined, the threats we face are shared, and the gains made by one organization inevitably extend outward to others. Every improvement in awareness, every increase in reporting, every reduction in risk strengthens not just a single company, but the broader network it inhabits.

This is why these awards matter. They are not only recognition of individual excellence, but signals of collective progress—evidence that the industry is moving, steadily, toward a more adaptive, more human-centered approach to security.

For our part, we remain committed to standing alongside our customers as partners in that journey: learning from them, building with them, and helping them turn vision into measurable outcomes.

Because when they succeed, the impact reaches further than any one organization—and that is a success worth celebrating.

‍