Cyber Story by Human Managed

Stop hunting for your security state.

Cyber Story is the cybersecurity dashboard inside invicta.io. It pulls your exposure, active threats, asset coverage, and response effectiveness into one view — scored, trended, and explained in plain language — so your team can spend less time piecing things together and more time acting on what matters.

Request a Briefing

Cyber Story dashboard with security status, asset coverage, DREAD SCOUT DRARC breakdown, and domain coverage

The problem isn't visibility. It's fragmentation.

Most security teams already have the data. It's scattered across a SIEM, an EDR console, a vulnerability scanner, an asset inventory, and a ticketing system — each one telling part of the story, none of them talking to each other. Stitching it together before a Monday morning briefing isn't a visibility problem. It's just expensive, manual work that shouldn't exist.

Cyber Story was built for that gap. One dashboard inside invicta.io, nine connectable domains, and a security score calculated from your actual environment data — not a survey, not a gut check. Intelligence your team can act on from the moment they log in.

Three metrics. One security score.

One number isn't enough. Here are three.

"Are we secure right now?" sounds like one question. It's actually three. What are you exposed to? What's actively moving against you? How well is your team responding? Cyber Story measures each one separately — then combines them with transparent, adjustable weighting so you can see which lever is pulling the score.

DREAD

What are you exposed to?

What your surface makes possible, right now

DREAD doesn't measure what attacks have happened. It measures what your current gaps make possible. Every issue gets scored across five dimensions, rolled up by domain, then weighted by how critical the affected assets are. A high DREAD score on the dashboard means your exposure is low — better is better, the way you'd expect it to read.

Damage potential
Reproducibility of exploits
Exploitability
Affected asset scope
Discoverability

40% of the overall security status score

SCOUT

What's happening right now?

Not just whether threats exist — whether they're growing

SCOUT measures what's actually moving against you right now. Detections, anomalies, patterns that match known attack behaviour — grouped into clusters and scored. The uptick dimension is worth noting: it doesn't just ask "are there threats?" It asks whether they're accelerating faster than your normal baseline. A slow steady pattern and a sudden spike are not the same thing. SCOUT captures the difference.

Severity of active detections
Confidence (signal vs. noise)
Occurrence across assets
Uptick vs. normal baseline
Threat intel alignment

40% of the overall security status score

DRARC

How well is your team responding?

Built from the numbers your tools already produce

DRARC is different from the other two. Where DREAD and SCOUT assess your environment, DRARC assesses your team. It's built almost entirely from operational metrics your existing tools already track — detection speed, response speed, containment, recovery, automation. No estimates. No surveys. Detection and response each carry 25% of the weight because they're where the difference shows up first.

Detection speed (MTTD)
Response speed (MTTR)
Containment effectiveness
Recovery efficiency
Automation coverage

20% of the overall security status score

Nine domains. Every blind spot named.

Cyber Story works across nine security domains. You don't need all nine connected on day one — but the score will tell you exactly what's missing. Blind spots aren't silently excluded. They're flagged, so you know what your current coverage is actually based on.

Identity

Who has access to what — and whether that access is being used normally. User accounts, authentication events, privilege levels.

Network

What's moving across your infrastructure. Traffic flows, perimeter controls, lateral movement, connectivity posture.

Endpoint

The devices doing the work. Patch state, agent coverage, endpoint detections across your fleet.

Application

Your software surface. Vulnerabilities, code dependencies, and threats at the application layer.

Cloud

Cloud infrastructure across providers — misconfigurations, resource exposure, access controls.

Data

Where your sensitive data lives and who can reach it. Classification coverage and access controls.

API

Your API inventory, authentication state, and the exposure of backend services.

AI model usage across your organisation — including shadow AI and the risk posture of AI-connected systems.

Facility

Physical access, OT/IoT devices, and infrastructure connected to your facilities.

What your team sees from the moment they log in

Every view is designed around one question: what do I need to act on right now?

A security score with a confidence rating attached

The top-line score tells you where you stand. The confidence rating — built from telemetry coverage, data freshness, and enrichment completeness — tells you how much to trust it. Both matter. A score with 40% confidence means something different than one at 90%.

Asset coverage that tells you what's missing, not just what's connected

Source coverage, stream health, and criticality alignment across every domain. If five of your nine domains aren't connected, the dashboard says so — clearly. The score reflects what your environment is actually producing, not what you hope it is.

Domain-level scores you can click into and explain

Each of the nine domains is scored individually across DREAD, SCOUT, and DRARC. You can drill into any one of them for a detailed breakdown — or hit Explain to get the reasoning in plain language without leaving the dashboard.

Critical assets — and how long they've been critical

Assets that have crossed into the critical tier are surfaced immediately, with days-in-red-zone tracking. An asset that's been critical for 14 days deserves different urgency than one that turned red this morning. Cyber Story makes that visible.

A 14-day trend so direction is never hidden

DREAD, SCOUT, and DRARC plotted over time. A score of 72 means something different if it was 81 two weeks ago. The trend is a check on the number — and on the story you're about to tell your stakeholders.

When a number raises a question, just ask it.

Your team shouldn't need to know which domain to click or which metric drove a change. Cyber Story's in-built assistant answers questions about your environment in plain language — grounded in your actual data, not generic guidance.

The Explain button is available on every score, dimension, and anomaly throughout the dashboard. The reasoning behind any number is never more than one click away — which means your analysts can move faster, and your leaders can ask harder questions.

Cyber Story Assistant

Why has our DREAD score dropped this week?

Your DREAD score has declined from 78 to 72 over the past five days, driven primarily by two factors in the Network domain.

Exploitability has increased due to three newly discovered CVEs (CVSS ≥ 7.0) affecting unpatched devices in your perimeter. Discoverability has also risen — two of these assets are reachable externally. Asset criticality weighting is amplifying both signals.

Recommended next step: review the Posture & Exposure tab for the affected asset list, or I can summarise it here.

Which assets have been in the red zone for more than 7 days?

Four assets are currently flagged as critical with more than 7 days in the red zone. The longest-standing is demo-prod-server-01 at 14 days, scored critical across Network and Endpoint domains. The others range from 8 to 11 days and sit primarily in the Application domain.

Would you like a summary of the top drivers for each, or would you prefer to go to the asset state page?

Frequently Asked Questions

Who is Cyber Story built for?

Security teams who need to answer "are we secure right now?" quickly, credibly, and without opening five different tools. That includes hands-on analysts who need to know where to focus, and security leaders who need to brief stakeholders without spending a morning assembling the picture first.

How is the security score calculated?

It's a weighted combination of three proprietary metrics: DREAD (exposure risk, 40%), SCOUT (active threat pressure, 40%), and DRARC (response effectiveness, 20%). Each one is built from the data your connected domains actually produce. The weighting reflects a deliberate point of view: the best response is having less to respond to — which is why exposure and active threats together carry 80% of the score.

Can we adjust the metric weightings?

Yes. The defaults are a good starting point, but each dimension within DREAD, SCOUT, and DRARC can be adjusted to match your organisation's risk priorities and business context. The score should reflect your environment, not a generic template.

What does invicta.io connect to?

Cyber Story works across nine security domains: Identity, Network, Endpoint, Application, Cloud, Data, API, AI, and Facility. You don't need all nine on day one. But the ones you haven't connected will be flagged — so you always know what the score is and isn't based on.

How is this different from what our SIEM already shows us?

A SIEM surfaces events. Cyber Story surfaces state. Instead of a stream of alerts waiting to be triaged, you get a scored, trended, and explainable view of where things stand — with an assistant your team can ask questions in plain language. The goal isn't to replace your SIEM. It's to make the picture it produces easier to act on.

How do we get access?

Cyber Story is part of invicta.io by Human Managed. Get in touch to arrange a demo or talk through what deployment looks like for your organisation.

Less time assembling the picture. More time acting on it.

Cyber Story is available as part of invicta.io by Human Managed.

Request a Briefing