Rethinking Security Training With A Human Risk Management Approach
What's the one area in cybersecurity that is overdue for change? It's security awareness training.
After three decades of underwhelming results, it's clear that security awareness programs haven't kept up with today's threat landscape. Human error remains the leading cause of data breaches, with Mimecast reporting that 95% of data breaches involve user mistakes. While those numbers remain stubbornly high, conventional training methods fail to instill lasting behavioral change.
If we want security awareness to truly protect organizations, we need to rethink everything—from how we structure training, to the metrics we track, to what 'success' actually looks like. It's time to stop measuring attendance and start measuring action. By focusing on adaptive learning, personal accountability and measurable outcomes, we can evolve security awareness from a compliance checkbox into a core defense mechanism.
Why Legacy Training Fails To Deliver
For years, security awareness relied on outdated tactics like annual training modules and phishing simulations. These tools often create a false sense of progress while leaving companies exposed when behavior doesn't shift.
The problem isn't just outdated content—it's one-size-fits-all structure. Most organizations deliver the same training to every employee, regardless of job role, risk exposure or history of security missteps. Expecting uniform outcomes from workers with vastly different responsibilities is both unrealistic and ineffective.
Worse, the metrics used to assess these programs are often meaningless. Completion rates and engagement scores track participation, not progress. It's time to prioritize behavior and results, not just check-the-box compliance.
What Human-Centric Training Should Look Like
To truly reinvent security awareness, organizations need to move from static, one-dimensional programs to those that empower employees and respond to evolving risks. Grounded in a human risk management framework, this new approach should center on three pillars:
The calendar-based model no longer works. Cyberthreats evolve rapidly, and training must evolve with them—meeting employees at the point of risk.
Just-in-time learning is essential. If an employee clicks on a risky link, a prompt that explains the mistake and offers safer alternatives helps cement the lesson when it matters most.
Threat-responsive updates are just as vital. Security programs should shift with threat levels—deploying phishing alerts during surges or ransomware simulations when relevant. Even simple interventions, like monthly nudges, help keep good habits top of mind.
Not all employees face the same risks. Senior leaders are often targeted by spear-phishing. Developers may encounter credential-harvesting threats. Yet most training programs treat all employees the same.
A more tailored approach improves both relevance and retention. This can be achieved by taking the following steps:
• Categorize employees by their risk level (low, medium, high) based on job role, access level and past behavior.
• Use real user data to shape future training and deliver targeted feedback or additional simulations for those who have fallen for phishing attempts.
• Create transparent risk profiles that show employees how their behavior compares to peers (e.g., "You are two times more likely than your peers to click a phishing link.") to promote self-awareness.
Customization doesn't just drive better results. It shows employees that the training applies directly to their day-to-day challenges—and empowers them to reduce risk on their own.
One of the biggest shifts needed is how we define success. Vanity metrics like completion rates won't cut it. Focus instead on data points that reflect behavioral change and reduced risk outcomes, including:
• Reduced successful phishing attacks over time
• Improved password hygiene (e.g., reduction in reused or weak credentials)
• Decreased risky activities, like installing unapproved apps or mishandling sensitive data
• Tangible economic benefits, such as lower remediation costs or fewer downtime events
Behavior-based metrics are not only more meaningful—they drive continuous improvement by showing what's working and where to focus next.
Creating A Culture Of Accountability
Modern security awareness must build trust, not fear. Employees shouldn't be punished into compliance—they should be brought into the process as active defenders.
Give them visibility into their own progress. Simple dashboards or comparative banners (e.g., 'You're in the top 10% for secure behavior!') drive motivation and clarity.
Recognition matters too. Celebrate employees who report phishing attempts or avoid traps. Positive reinforcement builds morale—and reinforces the right habits.
When employees feel invested and informed, participation turns into ownership.
Reframing Awareness As Human Risk Management
Security awareness is just one part of a broader human risk strategy—but it's a high-impact opportunity hiding in plain sight. The poll results are clear: Industry frustration is high and legacy methods no longer serve.
By shifting toward adaptive, personalized and outcome-based training, organizations can finally address the human vulnerabilities that attackers exploit most. When done right, security awareness doesn't just educate—it protects.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
20 minutes ago
- Yahoo
Intel's chip contracting plan in spotlight on earnings day
By Arsheeya Bajwa (Reuters) -Faced with slumping quarterly sales and a burgeoning loss, Intel shareholders will want to know new CEO Lip Bu-Tan's plans for the chipmaker's nascent contract manufacturing business. Intel is set to report its sixth consecutive net loss on Thursday, while revenue is expected to drop for a fifth straight quarter, according to estimates from LSEG data. The storied chipmaker, once synonymous with America's chipmaking heft, has lagged due to years of strategic missteps. Rival Nvidia has leaped ahead in the booming artificial intelligence chip industry, while rival AMD has been gaining share in Intel's mainstay personal computer and server semiconductor markets. CEO Tan has been focusing on a next-generation chipmaking process called 14A to win big external customers, shifting away from 18A, a technology that his predecessor Pat Gelsinger had spent billions of dollars to develop. Such a move could lead to a big writedown, an expense that would surely displease investors even as Intel has signaled that the new technology will help it be more competitive against Taiwan's TSMC, the world's biggest chipmaking factory. Longer-term commentary on the company's plans for the 14A technology "will hold more weight this earnings call than anything else", Stifel analysts wrote ahead of the earnings. Intel is expected to report a net loss of about $1.25 billion for the April-June quarter, while its sales are expected to drop more than 7% to $11.92 billion. Last year was Intel's first unprofitable year since 1986. Writedowns could amount to hundreds of millions, if not billions, of dollars, according to analysts, and might impact the timeline for the foundry to break even. Intel's finance boss David Zinsner said in May he expected the unit to break even in 2027 and that would require external customers to generate low- to mid-single-digit billions in revenue. Intel's foundry unit is expected to generate $4.49 billion in sales in the second quarter, though a majority of this would come from chips Intel produces for itself, analysts said. STREAMLINING Since taking over as CEO in March, Tan has focused on shedding non-core assets. In April, Intel agreed to sell a 51% stake in its Altera programmable chip business for $4.46 billion. The company has also considered divesting its network and edge businesses as well. Intel's stock has risen 16% so far this year, compared with a 13.23% rise in the broader chip index. Investors will watch if Tan sells more assets, further flattens out the management structure, or expands the global layoffs the company announced last year. Intel, as with other chipmakers, is facing customers who are dragging their feet on their spending, due to uncertainty from U.S. President Donald Trump's trade war. Revenue at Intel's personal computer unit is expected to dip some 2% to $7.25 billion in the second quarter after customers pulled forward orders to the first three months of the year due to the threat of tariffs. Analog chipmaker Texas Instrument flagged similar troubles on Tuesday, sending its shares down 11% after hours. Chip-equipment maker ASML and TSMC have also warned tariff-related uncertainty has muddied the outlook for them. Revenue in Intel's data center unit, however, is expected to jump about 20% to $3.66 billion, signaling improving demand for traditional server chips after several quarters of poor sales. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
20 minutes ago
- Yahoo
The protein boom is only beginning: Morning Brief
They're cramming it into everything now. It's in pancakes and pasta, chips and cereal. Plant-based or harvested from the farm, it's the macro(nutrient) of the moment. And slices of corporate America are not so subtly asking: Have you met your protein goal today? Protein Doritos sounds like the ideal mashup for the gym rat snack fiends of the world. But it's not as farfetched a product as you might think. Pepsi (PEP) plans to unveil new protein offerings for some of its Frito-Lay and Quaker brands, part of a broader shift to enhance their products and strip away artificial flavors and colors. (But what is a tasty Cheeto if not a brazenly synthetic delight?) Pepsi's intended relaunch and extension of popular brands is a reaction to a consumer base on the hunt for healthier, cleaner options. Executives across the food and beverage world see a potential crisis unfolding. As demand for legacy products wavers, companies are reaching for new lines (like fiber, prebiotics, hydration, energy, and protein) to support the core business. Sign up for the Yahoo Finance Morning Brief By subscribing, you are agreeing to Yahoo's Terms and Privacy Policy "Protein is clearly a subsegment in our food and beverages categories that is growing fast," said PepsiCo CEO Ramon Laguarta on an earnings call last week. "Consumers are adopting protein solutions in the diet at a pace that was not the case a few months back, a few years back." Coca-Cola (KO), which reported on Tuesday, is undergoing its own notable evolution. Earlier this year, the company came out with a prebiotic soda brand, Simply Pop, an answer to the initial success of soda alternatives like Olipop and Poppi. Coca-Cola's Fairlife line of lactose-free, ultra-filtered milk and protein shakes (a fitness influencer staple) is touting double-digit volume growth. Coke CFO John Murphy told my colleague Brooke DiPalma that protein is another representation of consumers looking for products that help them in their daily lives, have fewer calories, or are perceived as healthier. Coca-Cola also confirmed it'll offer a Coke variant sweetened with US cane sugar this fall. A confluence of factors has amped up the recommendations and ability to up your protein intake. Strength training is having a moment, in a sort of vindication of gym bro fitness culture but also an expansion and reimagining of it. More young people, older people, and women are skipping (or supplementing) the treadmill and stationary bike and heading to the weight rack. Big, commercial gyms are swapping out cardio machines to make space for pumping iron. Planet Fitness (PLNT) announced plans at the start of the year to install new plate-loaded strength equipment — like bench presses and hack squats — into all of its more than 2,700 clubs by the end of 2025. Logically, protein follows to help realize the gains. Social media reflects and amplifies these trends. Popular influencers, like some of their Hollywood counterparts, are sporting more muscular physiques: wider backs, denser arms, and thicker legs. And they're touting the advantages of higher protein consumption as a method to change the way people look and feel. You have to eat more protein, they proclaim, to grow a dump truck. The opposite is true too: You generally need to actually train to put protein to work — and we may all be going overboard. Otherwise, you're just eating protein aspirationally. The explosion of GLP-1 weight-loss drugs from Eli Lilly (LLY) and Novo Nordisk (NVO) is another reason why consumers are seeing more protein-enriched foods on grocery aisles. As appetite-suppressed Ozempic and Wegovy users eat less and drop pounds, it isn't just body fat they're shedding. People in a calorie deficit generally lose fat and muscle, so healthcare providers advise patients to eat more protein to help preserve their muscle mass. And as a diet trend, the pro-protein movement is also just that, "pro" something, instead of the carb villainization of Atkins of the 2000s or low-fat of the 90s and before. For food and snack companies, it's an opportunity to capitalize on that turbocharged demand by providing something that's acceptable to eat, tackling health through consumption instead of austerity. So far, the market is gobbling it up. Hamza Shaban is a reporter for Yahoo Finance covering markets and the economy. Follow Hamza on X @hshaban. Click here for in-depth analysis of the latest stock market news and events moving stock prices Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
20 minutes ago
- Yahoo
Taiwan says trade delegation in Washington for talks on potential tariff and trade deal
TAIPEI (Reuters) -Taiwan's government said on Wednesday that a trade delegation led by the vice premier was in Washington, D.C., for a new round of in-person negotiations with U.S. officials this week. U.S. President Donald Trump has proposed imposing tariffs of as much as 32% on Taiwan. No new tariffs have yet been announced for the democratically-governed island, although the 90-day pause on worldwide tariffs Trump proposed in April has already expired. The delegation, led by Vice Premier Cheng Li-chun, seeks to safeguard Taiwan's industrial interests, public health, and food security, according to a cabinet statement. The talks aim to promote balanced trade, and improve the overall economic and trade framework between the two sides, it added. "The team will continue working under the principles of protecting Taiwan's industries and public welfare,' the statement said. 'We hope to optimise the trade system and lay the groundwork for a stronger partnership in the future.' The Taiwan talks come as trade negotiations in the region accelerate. On Wednesday, the United States and Japan announced a trade agreement that includes a 15% U.S. import tariff on all Japanese goods, lower than the 25% Washington had proposed previously. The Japan deal is seen as one of the most significant among several agreements reached ahead of the August 1 tariff deadline the White House set after the original 90-day deadline expired with only a few successfully negotiated agreements. Taiwan has been seeking to strengthen its trade ties with major partners, particularly the U.S., Taiwan's second-largest trading partner after China, amid growing geopolitical and economic challenges. The outcome of the negotiations could play a key role in shaping the island's future trade strategy and its position in the global supply chain, and is crucial to Taiwan's export-driven economy.
