Transitioning Discussion to Implementation: Accelerating Human Risk Strategies Within 18 Months

The upcoming Security & Risk Summit, set to take place in Austin in November, is set to spotlight a new and exciting approach in the realm of cybersecurity: Human Risk Management (HRM). This innovative approach, aimed at overcoming the limitations of traditional security awareness and training (SA&T) solutions, has been gaining traction and attracting the interest of numerous organisations over the past year.

The concept of HRM was formally defined in 2024, and since then, a host of vendor solutions have emerged, encouraging organisations to adopt this forward-thinking approach. However, the specific brand names of these solutions remain undisclosed in the search results.

Jinan Budge, a prominent figure in the cybersecurity industry, will be speaking at the event, both in London and digitally. Her session, titled "Shift From Talk To Action: Chart Your Human Risk Management Roadmap," will provide valuable guidance on building an HRM roadmap, the technologies needed, creating a business case, resourcing these programs, and demonstrating value beyond training completion.

HRM quantifies human risk based on a set of inputs about a person, including identity data, security behaviours and events, digital footprint and exposure, and security awareness. This personalised approach allows for tailored guidance, updates to policies, or the issuance of workflows to security and other teams, ensuring a more effective and efficient approach to risk management.

The market for HRM has been on an upward trajectory, moving from innovative organisations to the early majority. It is expected that the majority of organisations will adopt HRM by late 2026. This shift is indicative of a market that has moved from debates to practical action.

The Security & Risk Summit falls under several categories, including Age of the Customer, Cybersecurity Trends, risk management, Security management, and security risk management. The session on HRM is part of the broader strategy and leadership track at the event.

It's worth noting that while all HRM vendors are "AI-enabled" in one form or another, not all AI use cases are created equal in the context of HRM. The focus is on the underutilized use case of AI in Human Resource Management for measuring behaviour and risk, and creating adaptive interventions.

The last 18 months have seen a more stable and pragmatic market in HRM, with vendors focusing on executing product roadmaps and enabling HRM adoption. Many vendors are also working on training and enabling their sales and customer teams to drive HRM adoption further.

One such initiative is CybSafe's recent announcement of the version 4.0 release of SebDB, an open-source research initiative that maps security behaviours to risk outcomes, threat actor tactics, intervention strategies, and security frameworks such as MITRE ATT&CK and NIST's Cybersecurity Framework.

As we move forward, the focus on Human Risk Management is set to continue, with the potential to revolutionise the way organisations approach cybersecurity and risk management. The Security & Risk Summit in Austin offers a unique opportunity to learn more about this exciting development and chart a course for the future. Whether you choose to attend in person or digitally, this event promises to be a valuable resource for anyone interested in the future of cybersecurity.

Transitioning Discussion to Implementation: Accelerating Human Risk Strategies Within 18 Months