When a breach
happens, people
are always
part of the story.
We combine rigorous technical incident response with deep expertise in human behaviour, organisational psychology, and security culture. Because how your people responded matters as much as what was breached.
Engage us →Incident response that looks
at the whole picture
Technical forensics handles what happened. We handle why it happened, and how to ensure it does not happen again.
Rapid Response Coordination
Immediate triage, stakeholder management, and response orchestration. Our technical partner leads containment and forensic investigation while we manage the human and organisational dimension in parallel.
Insider Threat Assessment
Behavioural analysis of potential insider involvement, using the pAth psychometric methodology to identify risk indicators, assess intent and opportunity, and inform appropriate response without false accusation.
Post-Incident Review
Beyond technical root cause analysis, we examine the behavioural and cultural conditions that enabled the incident, producing actionable findings on training gaps, process failures, and security culture deficits.
IR Readiness Assessment
Evaluate your organisation's preparedness before an incident occurs. We assess detection capability, response procedures, communication protocols, and critically, your team's psychological readiness to perform under pressure.
Tabletop Exercises
Realistic scenario-based exercises that test not just technical response, but decision-making under stress, leadership dynamics, and cross-functional communication. Scenarios are designed using real threat intelligence.
IR Retainer
Ongoing advisory for organisations that need structured incident response capability without full in-house resource. Includes quarterly readiness reviews, priority response access, and continuous human risk monitoring.
Technical forensics tells you what
happened. We tell you why.
Most IR providers stop at the technical root cause. We go further.
Every security incident has a human story. Whether it is a phishing click made under pressure, a disgruntled employee with elevated access, a well-intentioned developer who bypassed a control, or a social engineering attack that exploited trust, the technical vector is rarely the full picture.
Anima People brings organisational psychology, behavioural science, and the pAth human risk assessment methodology into the incident response process. This allows us to identify not just what failed, but the psychological, cultural, and structural conditions that created the vulnerability.
Without understanding the human layer, remediation is incomplete. The same conditions that enabled the first incident will enable the next.
Understanding actor intent and context
Was this opportunistic, negligent, or deliberate? The distinction shapes both the legal response and the remediation strategy.
Why security culture failed at this moment
Security incidents expose cracks in culture that existed long before the breach. We identify them systematically.
How your team performs under pressure
Cognitive load, stress response, and role clarity all affect how people perform during an active incident. We assess and strengthen this.
Identifying and managing human risk proactively
Using pAth assessment indicators, we identify individuals and teams that represent elevated risk before incidents occur.
The pAth psychometric
approach to human risk
pAth is a proprietary psychometric methodology developed by Anima People for assessing human risk in security contexts. It draws on occupational psychology, behavioural science, and security research to produce structured risk profiles that are both evidence-based and actionable.
A coordinated response across
technical and human dimensions
We work in parallel with your technical IR partner, ensuring the human layer is investigated and addressed with the same rigour as the technical layer.
Activation and initial briefing
Within hours of engagement, we establish a clear picture of the incident scope, affected systems and people, and the immediate stakeholder landscape. We identify the human vectors and actors of interest from the outset.
Hours 0 to 4Parallel technical and behavioural investigation
Our technical partner leads forensic containment and evidence preservation. Simultaneously, we conduct structured interviews, behavioural observation, and review of communication and access logs for human risk indicators.
Days 1 to 5Stakeholder and communications management
We support executive communication, board briefings, and regulatory notification where required. Managing how the organisation communicates internally during an incident is itself a critical risk control.
OngoingIntegrated findings and root cause analysis
We produce a unified report combining technical and human root cause analysis. This goes beyond CVE attribution to identify the behavioural, cultural, and structural conditions that enabled the incident.
Week 2 to 3Remediation and cultural recovery
We develop a targeted remediation plan addressing both technical controls and the human risk factors identified. This includes training interventions, policy revision, leadership coaching, and where required, HR or legal support.
Weeks 3 to 630-day review and lessons learned
A structured review session with leadership assesses the effectiveness of remediation, the recovery of team confidence and function, and any residual human risk indicators requiring ongoing monitoring.
Day 30Ready to strengthen your
incident response capability?
Whether you need immediate response support, a readiness assessment, or want to discuss a retainer arrangement, we would welcome a conversation.
