Falanx Cyber Ltd

CybSafe - Cyber Security Awareness, Behaviour and Culture Analysis, Training and Risk Mitigation

CybSafe is a British cyber security technology company. The next-generation, award-winning, AI-driven security awareness training platform uses GCHQ accredited content, advanced analytics, psychology and behavioural science to measure, understand and report on cyber security culture, increase employee engagement and demonstrably reduce human-cyber and data protection risk.


  • GCHQ & IISP accredited training developed by former Government specialists
  • Content and platform features grounded in psychology/behavioural science
  • Machine learning technology customises content, putting security into context
  • Advanced proprietary analytics measure user awareness, behaviour and culture
  • All content is updated and improved throughout license period
  • Ongoing adaptive user testing ensures retention of learned knowledge
  • Sharing and communication features encourage user interaction, adoption and engagement
  • Supply chain assurance tool allows oversight of supply chain risks
  • Fully customisable content to reflect organisational policy and procedure
  • Integrated simulated attack tools include phishing, smishing and USB drops


  • Human-centric design empowers users to contribute and engage with security
  • Demonstrably reduces human-cyber risk including phishing click rates
  • Demonstrably increases user engagement, communication and improves attitude
  • Plug-and-play design requires no input from admins after initial setup
  • Allows complete oversight of organisational cyber awareness, behaviour and culture
  • Administrator dashboard allows comprehensive reporting for easy demonstration of compliance
  • See genuine change in organisational security culture
  • Learning content accessible remotely, at any time, reducing user downtime
  • Completion will comprehensively support compliance with GDPR and NISDirective


£6.80 to £20.60 per user per year

  • Education pricing available

Service documents

G-Cloud 10


Falanx Cyber Ltd

Tom Evans



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints CybSafe routinely release updates during business hours operating a zero downtime deployment policy. Any significant maintenance requiring outage will take place outside of business hours after reasonable notice has been provided.
System requirements Browser and internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Basic support is 1 -2 days response via email.
User can manage status and priority of support tickets No
Phone support No
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Click on the web chat bubble.
Web chat accessibility testing Unknown.
Onsite support No
Support levels Basic service level is 1 -2 days response.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We understand that every organisation is different, and that the process to achieve maximum user engagement will vary between organisations. The following represents the typical process clients go through prior to deployment. However, we encourage you to liaise with our product specialists and customer success team leading up to your deployment to ensure it’s right for you. 1. Planning session takes place with a product specialist to scope requirements and plan custom learning content (CybSafe Custom only). 2. Technical scoping session conducted. Custom integrations may also be added (CybSafe Custom only). 3. Client admins are on-boarded and one-to-one training is provided. 4. Client admins assess training content and add contextual annotations and links to organisational policies. 5. (Optional) A simulated attack campaign - including phishing, smishing and USB drops - is conducted up to a month in advance of deployment to baseline user behaviour. 6. Initial knowledge check and cultural assessments are conducted to baseline user awareness and attitude.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Digital Records/Downloads.
End-of-contract process Full deletion and erasure of users data and custom links and comments.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile App-Format (Beta Version).
Accessibility standards None or don’t know
Description of accessibility Unknown.
Accessibility testing Unknown.
Customisation available Yes
Description of customisation Additional links, comments and notes can be incorporated into the platform, to enable organisations to provide additional information such as links to Policies and procedures.


Independence of resources Cloud based, scaling only limited by per person seat licences purchased.


Service usage metrics Yes
Metrics types The backbone of the CybSafe software is an analytical engine that provides easily digestible information and insight. CybSafe uses analytics (the systematic analysis of data or statistics) to develop an understanding of several areas more traditional question-and-answer training would struggle record, let alone analyse. The analysis covers: levels of user understanding, changes in behaviour, points of vulnerability, areas of risk, relevant cyber threats and user provided insight and lessons learnt. CybSafe measures and analyses user activity. It then visually portrays the results through graphical displays in a series of dashboards.
Reporting types Real-time dashboards


Supplier type Reseller (no extras)
Organisation whose services are being resold CybSafe Ltd.

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach On request.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats Other
Other data import formats No uploads

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 95% uptime.
Approach to resilience Cloud based service with resilient architecture.
Outage reporting As agreed via service management.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Whitelisted IP and dedicated EUD.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • GCHQ Certified Training (GCT)
  • IISP Accredited Learning Content
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Cyber Essentials and GDPR.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Industry best standard.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Industry standard.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Industry standard.
Incident management type Supplier-defined controls
Incident management approach Industry standard.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £6.80 to £20.60 per user per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑