Recognizing that legacy security awareness & training (SA&T) solutions weren’t effectively changing behavior or instilling a security culture, Forrester announced its vision for human risk management (HRM) in 2022 as a new approach to overcome SA&T’s shortcomings. We changed the market name in 2024, formally defining HRM, and evaluated vendor solutions for HRM, encouraging organizations to leave SA&T behind and adopt a new way of doing things. It caught on.
Eighteen months after we published that vision blog, HRM has blossomed into a distinct, expanding market, attracting the interest and budget of many organizations. This blog unpacks the evolution of HRM in the 18 months since that bold, yet necessary, move.
A Primer: What Is HRM Again?
In a nutshell, HRM is a profound change of mindset, strategy, process, and technology that approaches human-related breaches in a new way. HRM quantifies human risk based on a set of inputs about a person: identity data, security behaviors and events, digital footprint and exposure, and security awareness. Understanding an individual’s risk context allows you to manage risk by providing personalized guidance at the right…


























