Security awareness training (SAT) is ineffective despite significant investment, as it focuses on knowledge rather than behavior. Human risk management (HRM), which focuses on changing employee behavior, is a more effective approach. HRM uses AI to personalize training, identify risky users, and provide targeted interventions, ultimately improving cybersecurity behavior and reducing incidents.
