Human Risk Management (HRM): Turning People into Cybersecurity Assets


Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990s. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

October 2, 2025

It seems like every week I see news stories about how cybersecurity threats are evolving at a frightening rate, now that AI is playing a key role in their creation and deployment. Because of this, our defenses need to evolve as well just to keep up. Rapidly. While we all know firewalls and antivirus software are crucial, they can’t protect against the most common vulnerability: human behavior. In fact, one study earlier this year (Mimecast’s State of Human Risk Report) found that human mistakes cause as many as 95% of all incidents. Pretty shocking in some ways; not so surprising in others. After all, we are all busy doing a million things throughout the day; it’s easy to get distracted and forget to always be on guard for this sort of thing. And AI has made some of these scams MUCH harder to detect than ever before.

That’s why Human Risk Management (HRM) is gaining traction as possibly the most effective strategic approach to cybersecurity. HRM focuses on identifying, measuring, and reducing risks associated with human actions. It’s not about pointing fingers or assigning blame; it’s about building a culture of awareness, accountability, and resilience.

What Is Human Risk Management?

HRM is a proactive, multi-faceted strategy that:

  • Monitors employee behavior for risky actions
  • Assigns risk scores to individuals or teams
  • Delivers targeted training to the riskiest individuals or teams
  • Tracks progress over time

Essentially, HRM transforms cybersecurity from a technical issue into a people-centered initiative.

Case Studies: HRM in Action

Here are some notable examples of companies that have successfully implemented HRM solutions to enhance their cybersecurity posture and reduce human vulnerabilities.

Blackbaud: Strengthening Security Culture

Blackbaud, a cloud software company serving nonprofits, implemented Living Security’s HRM platform to address human vulnerabilities. By analyzing behavioral data and customizing training, they saw a measurable reduction in risky actions and improved employee engagement with cybersecurity protocols.

Global Healthcare Leader: Scalable HRM Deployment

A major healthcare organization launched a scalable HRM program using Living Security’s Unify platform. The initiative included phishing simulations, behavioral analytics, and personalized coaching. Within months, they reported a significant drop in phishing click rates and improved compliance with security policies.

Forgify & Keepnet Labs: Collaborative Success

Forgify partnered with Keepnet Labs to deploy a targeted HRM solution across multiple sectors. Their approach combined behavioral monitoring with adaptive training modules. The result? Enhanced employee awareness, reduced incident rates, and stronger alignment between IT and HR teams.

KnowBe4: AI-Driven HRM Strategy

KnowBe4, one of our partners and a leader in security awareness training, emphasizes HRM through AI-powered risk scoring and personalized learning paths. Their clients have reported up to 90% reductions in phishing susceptibility after implementing HRM strategies that go beyond traditional training.

Why HRM Works

Here are some key reasons why this strategy is effective:

  • Behavioral focus: Targets real-world actions, not just theoretical knowledge.
  • Personalization: Adapts training to individual risk profiles.
  • Continuous improvement: Tracks progress and adjusts strategies.
  • Culture building: Fosters a security-first mindset across the organization.

Getting Started with HRM

To effectively implement Human Risk Management in your organization, consider following these essential steps:

  1. Assess current human risk using phishing tests and behavioral analytics.
  2. Choose a platform like KnowBe4, Living Security or Keepnet Labs.
  3. Engage your leadership to champion the initiative.
  4. Measure impact with KPIs like click rates, policy compliance, and risk scores.

Wrapping It Up

Human Risk Management isn’t just a cybersecurity trend – it’s (fingers crossed) a real game-changer. By focusing on people, the dream is that we can turn our biggest vulnerability into our greatest strength. So, let’s consider embracing HRM and building a culture where everyone is aware, accountable, and resilient. After all, a well-informed team is the best defense against cyber threats!

 

For forty-two years, CGNET has provided state-of-the-art IT services to organizations of all sizes, across the globe. We’ve done it all, from IT and cybersecurity assessments to cloud services management to generative AI user training. Want to learn more about who we are and how we might be able to help you? If so, check out our website or send us a message!

 
