Building a Framework for the Management of Human Risk in Cyber Security

Management of human risk in cyber security

One of the most important questions we CISOs are trying to answer is:

Why are most data breaches still down to human error?

We are all running some form of security awareness program, have been for a long while, and are getting high compliance rates. Despite that, most security breaches, around 90.5%, are still caused by human error.

So what are we missing?

We seem to be settling. We seem to be settling for that tick-box approach. I mean, if we are compliant, we're OK, right?

Here’s the thing, there’s no reason why we can’t use compliance as a catalyst to go beyond the tried and tested security awareness measures that we all know about.

Put succinctly, if we are to win, awareness programs need to evolve!

Ideas to get Beyond Security Awareness

  • What if we used the data gathered from our awareness activities to understand our people and work with stakeholders around the business to rewrite a policy, re-engineer processes, make changes to technology to make security fit how people actually work?
  • What if we looked at whether we could automate a process and remove the security burden for staff?
  • What if we thought about how security affects staff productivity and how we could make security frictionless?

When we do a 180 and appreciate the pain points for staff, then we’ll be on the right path. Then we’ll move Beyond Security Awareness.

As an industry we’ve spoken far too much about how we need to build security for people, yet very little has been done to move the needle. With that said, why not join OutThink in a webinar as we discuss the topic with leading academics and practitioners in the field.

At the end of the session you will better understand how to take the latest research into human-centred security and apply it in a practical and effective way. You'll also learn about the framework we are developing to manage human risk in cyber security.

Watch the replay here and listen to experts in the field, including:

  • Prof. M. Angela Sasse (FREng) – With over 20 years in this field, she is Professor of Human-Centred Security at Ruhr University Bochum and University College London (UCL) and is Chief Scientific Advisor at OutThink.
  • Dr. Phil Morgan – Director of the Human Factors Excellence (HuFEx) Research Group at Cardiff University, and Senior Researcher and Technical Lead in Cyber Psychology and Human Factors at Airbus.
  • Paul Sharf – An experienced leader and Group CISO of FTSE100 business BUNZL. Paul is responsible for strategy and delivery of digital security transformation programmes to protect data, employees, brand and revenue in large, complex organisations.

Key topics covered in this live webinar:

  • Why we need to move beyond security awareness, towards cyber security human risk management
  • What the research into human-centred security highlights  
  • A CISO eye-view of reality on the ground  
  • A Framework for the Management of Human Risk in Cyber Security

Watch the recording of this webinar called “Beyond Security Awareness” below.
