CISOs should focus on managing human risk, not only technical vulnerabilities. Over 90% of breaches arise from user behavior, with attackers exploiting less monitored channels like encrypted messaging and calls. Most organizations do not adequately simulate threats outside of email, despite recognizing the need for personalized training. Insider threats have evolved and pose significant risk, yet security leaders struggle with operational challenges rather than with awareness.
https://www.helpnetsecurity.com/2025/09/10/ciso-human-centric-risk/
