Frequently Asked Questions
Everything you need to know about Nexus-7 cybersecurity risk assessment
About Nexus-7 & Q-Methodology
What is Nexus-7?
Nexus-7 is a scientifically validated cybersecurity risk assessment platform that uses Q-methodology to identify human vulnerabilities to cyber attacks. Unlike traditional security awareness training that treats everyone the same, Nexus-7 measures individual behavioral patterns and risk profiles, enabling organizations to deliver targeted training where it's most needed.
What is Q-methodology and why does it matter?
Q-methodology is a scientific research technique with over 80 years of validation in psychology and behavioral science. It reveals nuanced behavioral patterns by having participants sort scenarios according to their subjective viewpoints. For cybersecurity, this means we can identify which employees are truly vulnerable to phishing, social engineering, and compliance violations - not just who knows the right answers on a multiple-choice test.
Why is this better than traditional security awareness training?
Traditional training treats all employees the same, wasting resources on people who are already security-conscious. 95% of cyber breaches start with human error, yet only 11% of security budgets focus on human risk. Nexus-7 identifies exactly who is vulnerable, allowing you to target training where it's most effective. This reduces costs by up to 40% while actually lowering risk.
How scientifically validated is this method?
Q-methodology has over 80 years of scientific validation in peer-reviewed research. It's globally recognized in psychology, behavioral science, and risk assessment. Unlike superficial questionnaires that companies make up themselves, our approach is academically rigorous and validated by thousands of studies that accurately predict behavior.
How It Works
How long does the assessment take?
The assessment takes approximately 15 minutes to complete. Employees sort 42 cybersecurity scenarios on a distribution board from -3 (least characteristic) to +3 (most characteristic). The interface is intuitive and works on desktop, tablet, and mobile.
What do participants do during the assessment?
Participants are presented with 42 realistic cybersecurity scenarios (e.g., 'A colleague asks for your password to finish an urgent task'). They sort these cards into a Q-sort distribution that reveals their instinctive responses - not what they think is the 'correct' answer. This behavioral sorting uncovers underlying risk profiles that traditional tests miss.
What aspects of cybersecurity behavior are measured?
Nexus-7 measures 7 awareness levels (from basic security awareness to advanced threat detection) and 11 impact areas (email security, password management, data protection, physical security, social engineering, device security, network security, incident response, compliance awareness, privacy awareness, and remote work security). This provides a complete picture of someone's cybersecurity posture.
Are assessments anonymous or personalized?
You choose. Nexus-7 supports three modes: fully anonymous assessments for group analysis, personalized assessments for individual development, and group assessments where people identify themselves to their organization but remain anonymous in reports. All options are GDPR-compliant.
Security & Privacy
How secure is my data?
Nexus-7 uses enterprise-grade security: end-to-end encryption, ISO 27001 certification, SOC 2 Type II compliance, data stored in EU datacenters (for GDPR compliance), regular security audits and penetration testing, and zero-knowledge architecture where possible. Your assessment data is safer than most HR systems.
Is Nexus-7 GDPR compliant?
Yes, fully. We're built with privacy-by-design principles: data minimization (we collect only what's needed), transparent data processing, right to access and deletion, data portability, and all data stored in the EU. You remain the data owner and can export or delete your data at any time.
Who has access to individual assessment results?
You decide. By default, only account admins see aggregated results. Individual results can be made visible to HR, managers, or the participants themselves, depending on your configuration. We support role-based access control (RBAC) so you can precisely control who sees what.
How long is my data retained?
You control the retention period. By default, we retain assessment data for 3 years for trend analysis, but this is configurable. You can export or permanently delete data at any time. We comply with all GDPR data minimization requirements.
Pricing & Implementation
How does pricing work?
We offer flexible pricing: one-time purchase (from €45 per test at small volumes to €15 at 500+), and monthly subscriptions (from €22.50 per test to €6.75 at 1000+ tests). Enterprise pricing available for large implementations. No hidden costs, no setup fees.
Is there a minimum number of users?
No. You can start with just 1 test. Our pricing scales with your needs. Many organizations start with a pilot of 10-25 employees before rolling out company-wide.
How long does implementation take?
Nexus-7 is designed for rapid implementation. Most organizations are operational within 1-2 days: day 1 - account setup and sending invitations, day 2 - first results available as assessments are completed. No complex IT integration is needed, though we support SSO and API integrations for enterprise customers.
What enterprise features are available?
Enterprise features include: Single Sign-On (SSO) with SAML 2.0, API access for integrations, dedicated account manager, custom branding and whitelabeling, bulk imports and SCIM provisioning, advanced reporting and analytics, multi-tenant management for resellers, and SLA guarantees with 99.9% uptime.
Results & ROI
What reports do I receive?
You receive comprehensive reports at multiple levels: individual risk profiles with personalized training recommendations, group analyses identifying vulnerability patterns, cluster analyses revealing behavioral categories, management dashboards with KPIs and trends, and benchmark reports comparing your organization to industry standards. All reports exportable to PDF, Excel, and CSV.
How do I measure the ROI of Nexus-7?
ROI is measurable in several ways: preventing just one data breach (avg €3.9M in the Netherlands) pays for years of Nexus-7, the targeted approach reduces training costs by up to 40%, risk scores show quantifiable improvement over time, and incident rates fall. Our ROI calculator on the pricing page shows your specific business case.
Can I track progress over time?
Yes. Nexus-7 supports repeated assessments (recommended quarterly or bi-annually). You'll see trend analyses showing behavioral improvements, identify which training was effective, and measure the impact of security incidents on awareness. Dashboards show progress metrics and benchmark comparisons.
Can I compare my results to other organizations?
Yes. Nexus-7 provides anonymous benchmark data filtered by industry, company size, and region. You'll see how your organization scores versus peers, identify areas where you're lagging or excelling, and justify security investments with data. All benchmark data is anonymized and GDPR-compliant.
Technical Questions
What languages are supported?
Nexus-7 is available in Dutch, English, and Papiamento, with more languages in development. The interface, assessments, and reports are fully localized. Employees can select their preferred language.
What integrations are available?
We offer: SSO with SAML 2.0 (Azure AD, Okta, Google Workspace, etc.), SCIM for automated user provisioning, REST API for custom integrations, webhooks for real-time notifications, and export to LMS/training platforms. Enterprise customers get dedicated API documentation and developer support.
Does Nexus-7 work on mobile devices?
Yes, fully responsive. The assessment interface is optimized for desktop, tablet, and smartphone. Employees can complete assessments on any device with a modern browser. No app installation required.
What browsers are supported?
Nexus-7 works on all modern browsers: Chrome, Firefox, Safari, Edge (latest 2 versions). We also support mobile browsers on iOS and Android. No plugins or extensions required.
Still have questions?
Our team is ready to answer all your questions and help you understand how Nexus-7 can protect your organization.