Security awareness training has come a long way from its origins as a compliance checkbox. Today, it’s evolving into what is called human risk management. KnowBe4 is embedding behavioral science, real-time coaching, and artificial intelligence into its HRM platform.
These steps reflect a growing understanding in the cybersecurity world: technology alone isn’t enough. Employees remain the primary target of cyberattacks, so changing their behavior is key to reducing organizational risk. As Martin Kraemer, Security Awareness Advocate at KnowBe4, puts it in an interview with Techzine: “We were one of the first training providers to focus on behavior. It’s not just about awareness, it’s about action.”
From compliance to human risk management
The transformation begins with a fundamental rethinking of what security training should achieve. Traditional programs were designed to meet compliance requirements such as PCI DSS, HIPAA, or ISO standards. They often involved a single annual training session and a follow-up quiz. “If you actually train your employees once a year, that’s as good as not training them at all,” says Kraemer.
This…
