Amid frequent warnings about the advanced capabilities of cyber threat actors, targeting human frailties remains the primary initial access method for attackers. This reality has led to the development of human risk management (HRM), a concept that places a focus on targeted, intelligence led interventions to improve security behaviors.
The scale of human risk factors was highlighted in Verizon’s 2024 Data Breach Investigations Report (DBIR), which found that 68% of all breaches involved a non-malicious human element in 2023.
Cybersecurity awareness training has been commonplace in organizations for many years, yet problems around human errors persist, such as clicking malicious links in phishing emails.
Training alone is insufficient to deal with this problem, especially as the human involved is often not to blame.
John Scott, Lead Cyber Security Researcher at CultureAI, told Infosecurity: “People will always make mistakes. That’s not a moral failing, sometimes that’s because of factors like the system, the fact that your boss is shouting at you to get something done quickly.”
This recognition has given birth to the concept of human risk management (HRM), which…
