Security teams have no shortage of tools—or data. Their workdays are marked by endless context-switching, fragmented visibility, and workflows that rarely connect the dots. According to the IBM Institute for Business Value, the average organization now juggles 83 different security solutions from 29 vendors—that’s a level of complexity that makes it harder, not easier, to stay secure.
And in the middle of all that complexity sits one of the most important, yet siloed, sources of security insight: human behavior.
Human risk data—phishing clicks, training failures, identity anomalies, targeted attacks—contains critical signals about how real-world threats unfold inside an organization. But too often, when analysts try to correlate behavior with SIEM alerts, enrich identity events with risk scores, or create tailored risk dashboards, they’re stuck swiveling between systems or exporting data manually.
When the difference between “we caught it” and “we missed it” can come down to minutes, that just doesn’t cut it.
Introducing the Human Risk Public API
The Mimecast Human Risk Public API enables automated, programmatic access to the rich insights housed in the Human Risk Command Center. With this API, human risk data becomes portable—ready to enrich alerts, trigger workflows, and power dashboards across your entire security ecosystem.
It’s designed for the way modern security teams work: connected, automated, and focused on operationalizing human risk signals wherever they matter most.
The Opportunity: Democratizing Human Risk Signals Across Your Security Ecosystem
The Mimecast Human Risk Command Center centralizes and scores human risk data from 17 different integrations: phishing, malware, sensitive data handling, identity, phishing simulations, and training. It gives security teams a powerful lens into their organization's risk posture.
But a lens is only useful if you can act on what you see. Until now, teams had no seamless way to move that data into the systems where decisions actually get made — SIEMs, SOARs, identity platforms, or internal dashboards. The Human Risk Public API changes that. Your data goes where you need it.
Real‑World Applications for Modern Security Teams
We know our customers don’t adopt APIs just because they’re exciting technology. You adopt them to solve real problems: reducing manual effort, automating what shouldn’t be manual, and closing security gaps faster. The API provides secure access to risk scores, behavior events, attack factor insights, group-level trends, and up to 12 months of historical data — so you can embed human risk intelligence wherever it matters most.
Here’s how you can do exactly that with the Human Risk Public API:
- Executive Risk Scorecards: Pull monthly Human Risk and Attack Score trends directly into your own dashboards and reporting tools. Give leadership a live, branded view of your organization's security posture — without manual exports or one-off slide builds.
- Incident Response with Human Context (SIEM Enrichment): Imagine an analyst investigating a suspicious login. With API access, their SIEM can automatically pull that user's risk score, training history, recent phishing behavior, and attack exposure. The analyst has the context to determine if this was a true compromise — or a false alarm for a low-risk user.
- Automated Risk-Based Actions (SOAR Playbooks): Security workflows often rely on slow, manual steps. Now, a SOAR playbook can automatically flag users for review, escalate tickets, or apply stricter monitoring when risk scores cross a threshold — enabling adaptive, risk-based defense and faster, more consistent incident response.
- Department and Location Risk Heatmaps: Aggregate risk data by team or office to pinpoint exactly where to focus remediation efforts. Rank departments and locations by average risk score to drive targeted training and intervention campaigns.
- Personalized Manager Dashboards: Give managers a filtered view of their own team's risk exposure. By querying individuals by manager, you can build self-service portals that empower team leads to monitor and act on risk — without waiting on security to pull a report.
Why This Matters: Human Risk Data Only Works When It Moves
The launch of the Human Risk Public API may seem simple on the surface—but it represents a major shift in how organizations can use human risk insights.
For too long, human risk data has been siloed, stuck in dashboards, and disconnected from the tools where real security decisions are made. The API changes that by making this data portable, actionable, and ready to integrate into the systems your team already relies on.
With programmatic access:
- Risk signals become inputs to decision-making, more than just dashboard metrics.
- Teams reduce investigation time and manual effort by embedding human risk data into existing workflows.
- Organizations build automation and adaptive controls on an objective foundation—behavioral insights
Looking Ahead: Unlocking the Full Potential of Human Risk
The Human Risk Public API is part of a long-term vision to make human risk a first-class signal across your entire security ecosystem. From today, this release empowers customers to bring human risk signals into the center of their security operations.
Get Started Today
Ready to configure your Human Risk Public API and begin sharing Human Risk Command Center insights beyond the Mimecast platform? The API is available to all Human Risk Command Center customers at no additional cost. Log in to the Mimecast Admin Console, navigate to Human Risk > Integrations > API and Platform Integrations > Mimecast API 2.0. Be sure to review the Service Update.
