Rethinking Security Training With A Human Risk Management Approach

Forbes, 30-06-2025
Masha Sedova, VP of Human Risk Strategy, Mimecast.
What's the one area in cybersecurity that is overdue for change? It's security awareness training.
After three decades of underwhelming results, it's clear that security awareness programs haven't kept up with today's threat landscape. Human error remains the leading cause of data breaches, with Mimecast reporting that 95% of data breaches involve user mistakes. While those numbers remain stubbornly high, conventional training methods fail to instill lasting behavioral change.
If we want security awareness to truly protect organizations, we need to rethink everything—from how we structure training, to the metrics we track, to what 'success' actually looks like. It's time to stop measuring attendance and start measuring action. By focusing on adaptive learning, personal accountability and measurable outcomes, we can evolve security awareness from a compliance checkbox into a core defense mechanism.
Why Legacy Training Fails To Deliver
For years, security awareness relied on outdated tactics like annual training modules and phishing simulations. These tools often create a false sense of progress while leaving companies exposed when behavior doesn't shift.
The problem isn't just outdated content—it's the one-size-fits-all structure. Most organizations deliver the same training to every employee, regardless of job role, risk exposure or history of security missteps. Expecting uniform outcomes from workers with vastly different responsibilities is both unrealistic and ineffective.
Worse, the metrics used to assess these programs are often meaningless. Completion rates and engagement scores track participation, not progress. It's time to prioritize behavior and results, not just check-the-box compliance.
What Human-Centric Training Should Look Like
To truly reinvent security awareness, organizations need to move from static, one-dimensional programs to those that empower employees and respond to evolving risks. Grounded in a human risk management framework, this new approach should center on three pillars:
The calendar-based model no longer works. Cyberthreats evolve rapidly, and training must evolve with them—meeting employees at the point of risk.
Just-in-time learning is essential. If an employee clicks on a risky link, a prompt that explains the mistake and offers safer alternatives helps cement the lesson when it matters most.
Threat-responsive updates are just as vital. Security programs should shift with threat levels—deploying phishing alerts during surges or ransomware simulations when relevant. Even simple interventions, like monthly nudges, help keep good habits top of mind.
Not all employees face the same risks. Senior leaders are often targeted by spear-phishing. Developers may encounter credential-harvesting threats. Yet most training programs treat all employees the same.
A more tailored approach improves both relevance and retention. This can be achieved by taking the following steps:
• Categorize employees by their risk level (low, medium, high) based on job role, access level and past behavior.
• Use real user data to shape future training and deliver targeted feedback or additional simulations for those who have fallen for phishing attempts.
• Create transparent risk profiles that show employees how their behavior compares to peers (e.g., "You are two times more likely than your peers to click a phishing link.") to promote self-awareness.
Customization doesn't just drive better results. It shows employees that the training applies directly to their day-to-day challenges—and empowers them to reduce risk on their own.
One of the biggest shifts needed is how we define success. Vanity metrics like completion rates won't cut it. Focus instead on data points that reflect behavioral change and reduced risk outcomes, including:
• Reduced successful phishing attacks over time
• Improved password hygiene (e.g., reduction in reused or weak credentials)
• Decreased risky activities, like installing unapproved apps or mishandling sensitive data
• Tangible economic benefits, such as lower remediation costs or fewer downtime events
Behavior-based metrics are not only more meaningful—they drive continuous improvement by showing what's working and where to focus next.
Creating A Culture Of Accountability
Modern security awareness must build trust, not fear. Employees shouldn't be punished into compliance—they should be brought into the process as active defenders.
Give them visibility into their own progress. Simple dashboards or comparative banners (e.g., 'You're in the top 10% for secure behavior!') drive motivation and clarity.
Recognition matters too. Celebrate employees who report phishing attempts or avoid traps. Positive reinforcement builds morale—and reinforces the right habits.
When employees feel invested and informed, participation turns into ownership.
Reframing Awareness As Human Risk Management
Security awareness is just one part of a broader human risk strategy—but it's a high-impact opportunity hiding in plain sight. The poll results are clear: Industry frustration is high and legacy methods no longer serve.
By shifting toward adaptive, personalized and outcome-based training, organizations can finally address the human vulnerabilities that attackers exploit most. When done right, security awareness doesn't just educate—it protects.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.