
Building a Human-Centric Security Risk Dashboard for SMEs

Designing a clear, actionable, and scalable dashboard that helps SME leaders identify, understand, and mitigate human risk—the leading cause of cybersecurity incidents in 2025.

📌 Introduction

In 2025, the landscape of cybersecurity shifted dramatically. For years, organizations had invested billions into strengthening their technology stacks — but breaches continued to rise.

The problem was no longer just weak technology; it was people.
According to Mimecast’s State of Human Risk (SOHR) 2025 Report, human error now accounts for the majority of security incidents.

From misaddressed emails to credential misuse, the human factor emerged as the single largest vulnerability.

🔍 The What: Evidence From SOHR 2025

The SOHR 2025 report revealed several insights that framed the challenge:

95% of all data breaches stem from human error.

79% of leaders agree collaboration tools introduce new threats.

81% are concerned about Generative AI misuse, yet over half lack a clear strategy.

🎯 The Why

My Validation & Reasoning

While reviewing industry reports, I also conducted secondary research to validate these findings. I found two consistent gaps in existing security dashboards:

Too Complex — Enterprise SOC Dashboards

Enterprise-grade dashboards like Microsoft Defender and Proofpoint provide extreme depth. But they assume the user has a trained security team to interpret the data. For SME leaders, these tools overwhelm rather than empower.

Too Shallow — Lightweight SaaS Tools

On the other end, some SaaS dashboards oversimplify risks. They flag issues but fail to guide leaders on corrective actions, leaving them uncertain about how to respond.

🎯 The Design Challenge

The design question became:

How might we design a dashboard that helps SME leaders identify and mitigate human risk, without needing SOC expertise?

To answer this, the solution needed to:

Measure compliance, policy adherence, and employee behavior in a way leaders could trust.

Translate complex security risks into simple, actionable insights.

Balance clarity with depth, so the dashboard is approachable but not superficial.

🖼 Competitor Landscape

Inspiration and Gaps

To better understand the visual and functional space, I explored competitor dashboards across three tiers:

Looked at leading dashboards (enterprise-grade, mid-market tools, and lightweight SaaS).

Found that enterprise dashboards are data-heavy and assume SOC expertise.

Lightweight tools oversimplify risks, leaving leaders unsure of next steps.

Used these references as a moodboard for visual language, but intentionally designed a middle ground → clarity with actionable depth.

🛠 The How

Answering the How?

Moving from research, based on the resources I have access to right now, to design, I followed a structured yet iterative process.

1. Information Architecture

I began by mapping out the types of information SME leaders need at first glance versus what they might want to drill deeper into. The goal was to keep the overview simple but provide clear pathways to deeper insights.

2. Wireframes and Early Concepts

I sketched multiple directions: one mimicking enterprise-style layouts, another closer to lightweight SaaS. Through feedback loops, I discarded extremes and focused on a hybrid approach: an overview dashboard with quick actions and drill-down capabilities.

3. Iterations and Refinement

With each iteration, I tested with peers (non-security users) and A.I. to ensure the dashboard felt approachable, while still resonating with the seriousness of security.

🔄 Iteration & Validation

Results

When I wrapped up my first version of the dashboard, I knew it couldn’t stop there. Cybersecurity is too complex to assume that a single pass would “get it right.” Just like in real-world product work, the real value emerges when designs are stress-tested against fresh eyes and perspectives.

Validation

Not Just Testing, But Reassurance
For me, validation wasn’t a formal usability lab — it was about going back to the same circles and asking:
“Do these changes solve the concerns you raised?
Do they feel closer to how an SME leader would actually use this?”

I treated it as a loop of feedback and refinement, rather than a single “sign-off.” In a way, validation here was simply another layer of feedback, but sharper — not about spotting problems this time, but confirming that my solutions landed.
On an upcoming call, I also plan to share this version with a more senior design contact.
The hope is to see whether the structure holds up to scrutiny in conversation: can the flow of the dashboard be explained in under a minute, and does it resonate with someone who’s been closer to enterprise-level dashboards?