Skip to content

Our ESG Policy 

We are a social impact start up. Our mission is to reduce the digital skill gap and make modern digital society safer for everyone. Our Sustainability Policy serves as a guide for us as a company so that we can ensure that our decisions, objectives and investments align with our mission. This policy document is a starting point and we know we will need to continually update it as we strengthen our ESG frameworks as we grow. 



As a young software company, it is difficult for us to have a significant climate impact – positive or negative. We do not let it discourage us from making the right choices where we can.  

We only buy carbon neutral energy for our office spaces. We maximize recycling and make sustainable choices with everything we buy. Whenever we buy food or catering, we choose vegetarian or vegan options. 

We encourage remote work, sustainable commutes and minimal travel. We aim to select environmentally sustainable partners. 



Diversity, Equity and Inclusion 

A diversity of diversities is at the core of our mission. We need a team that looks like everyone to build CyberCoach for everyone. From the start, we have aimed at maximizing all kinds of diversity within the team.  

As a privacy-forward company, we currently do not gather any self-identification information. It makes it difficult for us to accurately measure and set clear targets for different types of diversity.  

We do aim to maintain gender parity across all seniority levels, but understand that in the near future, it may be impossible to achieve for more senior roles. Diverse hiring for senior roles is difficult as the cyber and tech industries have only recently managed to attract more diverse young talent. We continue to bring new diverse talent into the industry through our Internship Program. The true test for our DE&I efforts longer term is to what extent we are able to grow our diverse hire interns and juniors into senior talent. 

Equity and inclusion are defining characteristics for our culture, how we work and interact. We include a diverse group in planning our external and internal communications, internal development and events, to ensure they are truly inclusive and psychologically safe for everyone.   

As a young company we also acknowledge that there is much for us to learn and there will be a need to define and measure more as we grow. 

Pay and Rewards Policies 

We pay equal pay for equal work. At Cult, we tie salaries to career level, and they are the same for everyone in the same role and in the same country. As we grow, we will work to ensure everyone has an equal opportunity to progress in their career at Cult.  

We pay fair salaries to everyone at all career levels. Career level salaries are transparent to all employees to ensure fairness. 

Philanthropy and Community Engagement 

Today security awareness correlates with socioeconomic status. Unfairly, those most vulnerable are often also the ones least able to protect themselves. Cybersecurity and online privacy have become privileges reserved for a few. Already disadvantaged individuals are at risk, and this inequality fuels division that threatens our society and democracy. We develop CyberCoach to democratize access to digital security skills. We offer CyberCoach at a low price point to make it accessible for even the smallest of organizations. We are active across communities promoting digital equality and digital safety skills. 


We are committed to the highest standards of business ethics. Our Code of Conduct describes our proactive approach to not only do what is right at work but also contribute to making the internet safer for everyone outside work.  

Cybersecurity and Privacy  

Our business is cybersecurity and data protection.  We are champions for Cyber Responsibility towards our customers, their employees and society. We contribute to societal safety through employee activity and information sharing. We advocate for the privacy of our employees, and the privacy of the employees of our customers. We challenge ourselves and other companies to minimize personal data processing and maximize transparency and individual rights. Where needed, we develop new frameworks and tools for our business processes to minimize the amount of personal data we process and maximize its security.   

Our information and privacy risk management policies and processes follow the principles of ISO27001:2013 and ISO/IEC 27701:2019, respectively. We continually identify potential risks, develop, implement and monitor compliance with laws and regulations. As a security training company, we provide continuous and comprehensive security and privacy awareness training to all employees. 

Supply Chain 

We critically evaluate the privacy and security practices of our partners, in addition to reviewing their reputation and governance. We do not do business with companies supporting authoritarian regimes and/or terrorist states.