Keepnet Labs Logo
Menu
HOME > whitepapers > the significance of human risk management in cybersecurity

The Significance of Human Risk Management in Cybersecurity

Explore human risk in cybersecurity, the need for unified solutions, and Keepnet Labs' leading role in strategic partnerships.

The ultimate guide to minimizing cyber insurance payments

1. Introduction: Navigating the Modern Cybersecurity Terrain and the Ascendancy of Channel Partnerships

As businesses and individuals increasingly rely on digital platforms for everything from communication to commerce, the potential vulnerabilities they're exposed to have multiplied exponentially. The cybersecurity landscape is a dynamic battlefield where threats evolve alarmingly, and the lines between attackers and defenders are continually redrawn.

The past few years have witnessed a surge in cyberattacks, ranging from sophisticated nation-state-sponsored hacks to ransomware attacks targeting critical infrastructure. These incidents have highlighted the vulnerabilities inherent in our digital systems and underscored the immense financial and reputational costs associated with security breaches. In 2022 alone, the global cost of cybercrime exceeded $1 trillion, encapsulating the direct damages from attacks and the subsequent costs of mitigation and recovery.

Yet, as the threats have grown, so too have the defenses. The cybersecurity industry is booming, with innovative solutions emerging daily to counteract the latest malicious tactics. Artificial intelligence, machine learning, and blockchain are just a few of the cutting-edge technologies harnessing to bolster digital defenses. However, as the adage goes, a chain is only as strong as its weakest link. In the realm of cybersecurity, that weak link is often human. Despite the technological advancements, human error remains a significant contributor to security breaches, 95% to be precise, emphasizing the need for comprehensive solutions that address not just technological vulnerabilities but human risks.

Parallel to these developments in the cybersecurity domain is the rising significance of human collaboration through channel partnerships in the broader tech industry. Channel partnerships, which involve synergies between tech companies to enhance their offerings and reach, have become a cornerstone strategy for growth and innovation. In an industry characterized by rapid technological advancements and fierce competition, the ability to forge strategic alliances can be the difference between leading the pack or trailing behind.

There are several reasons for the burgeoning importance of channel partnerships. Firstly, they allow for the pooling of resources and expertise. In the complex world of tech, no company can be an expert in everything. By partnering with firms with complementary strengths, companies can offer more comprehensive solutions to their clients. For instance, a company specializing in cloud storage might partner with a cybersecurity firm to ensure that its storage solutions are efficient and secure. See our sample case study here .

Secondly, channel partnerships facilitate access to new markets and customer segments. A solution provider with a strong presence in one geographical region can leverage its partner's network to gain a foothold in another. Similarly, a company that has traditionally catered to large enterprises might find it easier to tap into the small and medium business segment by partnering with a firm with a strong presence in that niche.

Lastly, channel partnerships foster collaborative innovation in an industry where innovation is the key to staying relevant. Two (or more) heads are often better than one, and by working together, partner firms can co-develop solutions that neither could have achieved on their own.

While the digital world grapples with ever-evolving cybersecurity challenges, the solutions are increasingly found in collaboration. The tech industry's growing emphasis on channel partnerships is a testament to the power of collective effort and expertise. As threats become more sophisticated, the alliances formed to combat them will be the linchpins of a secure digital future.

2. The Dominance of Human Error in Cybersecurity

With its intricate web of codes, protocols, and algorithms, the digital realm often gives the impression of being an impersonal space. However, at its core, it is deeply human-centric. While being the driving force behind technological advancements, this human element also introduces vulnerabilities. The World Forum's 2022 revelation that a staggering 95% of cybersecurity issues arise from human error underscores this vulnerability and highlights the pressing need to address the human aspect of cybersecurity.

Gartner (2023) states, “Organizations in the past have developed their cybersecurity program to address the ebbs and flows of regulatory changes, business decisions, and customer demands and threats. Modern cybersecurity leaders will use a human-centric design to strengthen their program and optimize human potential".

1. Predator's Preferred Path: Despite cyber attackers having high-tech tools, they often prefer exploiting human mistakes. One wrong click on a deceptive link or a weak password choice can be the domino topples an organization's security.

2. The Labyrinth of Modern Systems: More intricate systems elevate the potential for human slip-ups. More protocols, configurations, and settings mean more chances for a lapse.

3. Beware of the Insider: Not all errors are innocent. A disenchanted employee with system know-how can be a catastrophic wildcard, causing damage from the inside.

4. Knowledge is Power (And Safety): A workforce unaware of digital threats like phishing or social engineering becomes the low-hanging fruit for cyber predators.

5. Password Peril: The seemingly innocent acts of choosing a guessable password, reusing one, or (gasp!) sharing it can swing open the cyber gates for attackers.

6. Configuration Catastrophes: A simple oversight by a system admin, like leaving a database unprotected, can be a goldmine for hackers.

7. Gadgets Gone Missing: That forgotten laptop at the coffee shop? It might be more than just an expensive mistake; it could be a data leak waiting to happen.

8. Procrastinated Patches: Ignoring or delaying essential software updates is like inviting cybercriminals to a feast, where the main dish is your data.

9. Silence Isn’t Golden: In the vast maze of corporate corridors, not sharing critical security alerts can amplify a breach's impact.

10. Tech's Double-Edged Sword: Solely leaning on technology for defense is a perilous strategy. No amount of tech can compensate for human unawareness.

Understanding the human element in cybersecurity is paramount- it is not just about the systems we protect but also about educating and safeguarding the people using them.

2.2. Real-world Breaches: A Deep Dive into the Consequences of Human Oversights

The digital landscape is riddled with instances where human errors, often avoidable, have led to significant security breaches. These incidents are stark reminders of the vulnerabilities human involvement in cybersecurity introduced. Here are 20 real-world cases that highlight the profound impact of such mistakes:

1. The Equifax Breach (2017): A failure to patch a known vulnerability compromised the personal information of 147 million people.

2. The WannaCry Ransomware Attack (2017): Exploiting a Windows vulnerability patched two months earlier, this attack affected over 200,000 computers across 150 countries.

3. Amazon S3 Bucket Misconfigurations: Multiple instances over the years where sensitive data was exposed due to human errors in configuring Amazon S3 buckets.

4. Target Data Breach (2013): Compromising the credit card information of 40 million customers, this breach occurred due to credentials stolen from a third-party vendor.

5. Yahoo Data Breach (2013-2014): Affecting all 3 billion Yahoo user accounts, this breach resulted from cookies being manipulated to forge login credentials.

6. Sony Pictures Hack (2014): Confidential data from the film studio was leaked, attributed to phishing emails that deceived employees.

7. JPMorgan Chase Breach (2014): Affecting 76 million households, this breach was due to outdated security certificates on one of the bank's websites.

8. Home Depot Breach (2014): Compromising 56 million credit card details, this breach resulted from a vendor's stolen login.

9. Ashley Madison Data Leak (2015): User data from the infidelity website was exposed due to inadequate cybersecurity measures.

10. U.S. Office of Personnel Management (OPM) Breach (2015): The personal data of 22 million U.S. federal employees was compromised due to outdated security practices.

11. LinkedIn Data Breach (2012): 165 million user accounts were compromised due to weak password encryption.

12. Dropbox Data Breach (2012): A Dropbox employee's password reuse exposed 68 million user credentials.

13. Anthem Health Insurance Breach (2015): 78.8 million records were exposed due to a phishing email that compromised five employee credentials.

14. Heartland Payment Systems Breach (2008): 130 million credit card details were exposed due to malware installed on the company's payment processing system.

15. TJX Companies Breach (2006): 94 million credit cards were compromised due to weak data encryption practices.

16. Adobe Breach (2013): 153 million user records, including encrypted passwords, were exposed due to a poorly configured web server.

17. eBay Data Breach (2014): 145 million user accounts were compromised due to stolen employee credentials.

18. Marriott International Breach (2018): 500 million guest records were exposed due to unauthorized access to the reservation database.

19. Capital One Data Breach (2019): 106 million customer records were exposed due to a misconfigured firewall.

20. Twitter Bitcoin Scam (2020): High-profile accounts were hijacked to promote a Bitcoin scam attributed to social engineering attacks on Twitter employees.

2.3. The Financial and Reputational Toll of Human-Induced Breaches

The financial implications of security breaches stemming from human error are profound. Direct costs include ransom payments, legal fees, and damage control and system restoration expenses. However, the indirect costs can be even more debilitating. These include loss of customer trust, damage to brand reputation, and potential regulatory fines.

A study by IBM estimated the average cost of a data breach in 2022 to be $4.24 million, marking a significant increase from previous years. When the breach is attributed to human error, the costs can be even higher due to the need for extensive employee training, system overhauls, and public relations campaigns to restore damaged reputations. Moreover, the MGM Resorts cyberattack, which resulted in a staggering financial loss of $100 million, was not just a consequence of advanced hacking techniques but was largely attributed to human errors. The attackers exploited vulnerabilities through vishing (voice phishing) and bypassing Multi-Factor Authentication (MFA) systems, highlighting the critical role that human factors play in cybersecurity breaches. Despite the advanced technological defenses in place, the manipulation of human trust and judgment paved the way for this breach. This incident underscores the importance of continuous training and vigilance among employees to recognize and counteract such deceptive tactics, emphasizing that even the most sophisticated digital defenses can be rendered ineffective if the human element is not adequately fortified.

Furthermore, businesses face the daunting task of regaining customer trust. In an era where data privacy and security are paramount, a breach can lead to a significant loss of clientele, with customers opting for competitors perceived as more secure.

The dominance of human error in cybersecurity is a stark reminder that while technology continues to evolve, the human element remains its greatest strength and glaring vulnerability. Addressing this challenge requires a holistic approach that combines technological solutions with comprehensive training and awareness programs. Only by recognizing and mitigating the risks posed by human error can businesses truly safeguard their digital assets.

3. The Need for a Unified Human Risk Management Platform

In the intricate tapestry of cybersecurity, while technology and software play pivotal roles, the human element remains both a cornerstone and a potential chink in the armor. As cyber threats evolve in complexity, addressing the human aspect becomes paramount. Enter Human Risk Management (HRM)—a holistic approach that focuses on the vulnerabilities introduced by human behavior and actions. This section delves into the essence of HRM, its multifaceted layers of security, and the limitations of traditional security measures in addressing human-centric risks.

3.2. The Multifaceted Layers of Human-Centric Security

Human risk in cybersecurity is not monolithic; it's layered and multifaceted. These layers encompass various aspects of human behavior and actions:

1. Behavioral Layer: Pertains to everyday actions like password creation and email interactions. Simple behaviors, like using weak passwords or clicking on suspicious links, can introduce vulnerabilities.

2. Cognitive Layer: Focuses on decision-making processes. An employee might bypass a security protocol, not fully grasping the potential risks.

3. Organizational Layer: Encompasses the broader organizational culture and its approach to cybersecurity.

4. Emotional Layer: Emotional states, like stress and burnout, can influence security behaviors.

5. Social Layer: Peer behaviors and social norms play a role in influencing individual actions.

3.3. Incorporating Advanced HRM Tools and Strategies

To address the multifaceted nature of human risk, organizations must employ a range of tools and strategies:

1. Creating a Security Culture: Beyond tools and protocols, fostering a culture where individuals prioritize security in their daily tasks.

2. Cyber Security Training Programs: Equip employees with the knowledge and skills to recognize and counteract threats.

3. Simulators (Phishing, Smishing, Vishing, Quishing, MFA): These tools mimic real-world cyberattacks, training individuals to identify and respond to various threats.

4. Threat Sharing: Collaborative platforms where organizations share information about emerging threats, ensuring collective preparedness.

5. Identifying Leaked Data in Dark/Deep Web: Tools that scour the hidden parts of the internet to find any leaked organizational or employee data.

6. Human Misconfiguration Identification: Software that detects human errors in configuring email servers or security gateways, preventing potential breaches.

7. Behavior Monitoring: Using analytics to track and analyze employee behaviors, identifying potential vulnerabilities or areas of concern.

3.4. The Shortcomings of Traditional Security Measures in Addressing Human Risk

Traditional security measures, while essential, often focus predominantly on technological threats. However, these measures, in isolation, are ill-equipped to address the vulnerabilities introduced by human actions and behaviors:

1. Reactive vs. Proactive: Traditional tools often operate reactively, springing into action after a threat is detected. In contrast, HRM emphasizes proactive measures.

2. Lack of Behavioral Insights: Traditional measures can't explain why certain security lapses occur.

3. Over-reliance on Technology: Solely depending on technological solutions can lead to complacency.

4. One-size-fits-all Approach: Traditional measures often adopt a blanket approach, whereas HRM tailors measures based on roles and responsibilities.

While technological defenses remain crucial in the cybersecurity arsenal, the human element demands equal, if not more, attention. A unified HRM platform with advanced tools and strategies bridges the gap between technology and human behavior, ensuring a more comprehensive and resilient security posture. In the ever-evolving landscape of cyber threats, understanding and mitigating human risk is not just beneficial—it's imperative.

4. Keepnet Labs: Leading the Way in Human Risk Management

In the dynamic world of cybersecurity, where threats constantly evolve, and the stakes are perpetually high, the need for innovative solutions that address the human element of security is paramount. Enter Keepnet Labs, a trailblazer in the realm of HRM dedicated to fortifying the human link in the cybersecurity chain.

4.1. Introducing Keepnet Labs

Founded with a vision to revolutionize the cybersecurity landscape, Keepnet Labs recognizes that while technology is a crucial component of any security strategy, the human element can often be its most unpredictable variable. With a mission to transform this variable from a potential vulnerability into a robust defense line, Keepnet Labs has positioned itself at the forefront of the cybersecurity industry. The company's ethos is rooted in the belief that informed and vigilant individuals can be an organization's strongest asset in warding off cyber threats.

4.2. Keepnet Labs' Human Risk Management Platform: A Comprehensive Solution

At the heart of Keepnet Labs' offerings is its state-of-the-art HRM Platform—a holistic solution designed to address the multifaceted challenges posed by human behavior in cybersecurity. This platform is not just a product; it's a comprehensive ecosystem that integrates seamlessly into an organization's existing infrastructure, providing real-time insights, training modules, and proactive defense mechanisms.

4.2.1. The platform adopts a multi-pronged approach:

The platform leverages a multi-pronged strategy, employing multiple methods to ensure efficiency and adaptability to diverse challenges and user needs.

1. Education and Training: Recognizing that awareness is the first line of defense, the platform offers tailored training modules that educate users about cybersecurity threats and best cybersecurity practices.

2. Simulated Social Engineering Scenarios: Users are exposed to real-world cyberattack simulations like Vishing , Smishing , MFA phishing , Phishing and Quishing, ensuring they can recognize and respond to genuine threats.

3. Behavioral Analytics: By monitoring and analyzing user behavior, the platform identifies potential areas of concern, allowing for timely interventions.

4. Real-time Threat Alerts: In the event of a potential threat, the platform provides instant alerts, ensuring swift response and mitigation.

4.3. Features and Benefits of Keepnet Labs' Platform

Keepnet Labs' Human Risk Management Platform is packed with features that set it apart in the crowded cybersecurity market:

1. Adaptive Learning Modules: Understanding that every individual has a unique learning curve, the platform offers adaptive training modules that cater to varied learning paces and styles.

2. Interactive Dashboards: Managers and IT teams can access interactive dashboards that provide a bird's-eye view of the organization's human risk profile, allowing for informed decision-making.

3. Continuous Updates: In the ever-evolving world of cyber threats, staying updated is crucial. The platform ensures that its threat database, training modules, and defense mechanisms are always in sync with the latest developments.

4. User-friendly Interface: A platform is only as good as its usability. Keepnet Labs' solution boasts an intuitive interface, ensuring that users can easily navigate it irrespective of their tech proficiency.

5. Scalability: Whether a small startup or a multinational corporation, the platform is designed to scale according to an organization's needs.

4.4. The Advantages of Incorporating Keepnet Labs' Platform into an Organization's Cybersecurity Strategy

The integration of Keepnet Labs' platform yields both operational and strategic results that redefine an organization's approach to cybersecurity:

Robust Security Measures: By training the workforce to identify and counter threats, organizations significantly enhance their cybersecurity readiness and overall security posture.

Efficiency and Support: The platform's seamless integration, backed by well-documented technical product guides, ensures smooth operations and reduces the need for extensive support.

Cost Efficiency: The proactive nature of the platform, which prevents potential breaches, translates to considerable savings. Organizations can avoid hefty expenses related to damage control, legal implications, and reputation management.

Profitable Growth Opportunities: Integrating Keepnet Labs' platform opens new revenue avenues and cross-selling potentials. Such strategic moves have led to an impressive 40% sales surge within a mere 5-month span.

Enhanced Brand Visibility: The option for white-labeling allows organizations to amplify their brand identity, further establishing their presence in the market.

Training and Content Diversity: With access to Keepnet’s extensive library, enriched by contributions from over 12 global training providers, organizations can offer bespoke training content to a diverse clientele. This adaptability ensures a customer-centric approach to security awareness.

Competitive Edge: Keepnet Labs' fully Extended HRM platform boasts avant-garde features, such as the capability to dispatch training or social engineering campaigns via SMS. Such innovations position organizations distinctly ahead in the competitive cybersecurity arena.

Increased Customer Satisfaction: The platform's tailor-made services, coupled with flexible payment options, not only meet but exceed customer expectations, leading to higher retention rates and overall satisfaction.

Today, solutions that holistically address both the human and technological aspects of security are not just beneficial but essential. Armed with its state-of-the-art HRM Platform, Keepnet Labs is at the vanguard of this movement, offering organizations a comprehensive and potent solution to the pressing cybersecurity challenges of our time.

5. Why Technology Firms Should Partner with Keepnet Labs

Strategic partnerships can be the linchpin for success in the rapidly evolving tech landscape, where innovation is the currency and competition is fierce. For technology firms, especially those in the cybersecurity domain, partnering with Keepnet Labs offers a unique opportunity to elevate their offerings, gain a competitive edge, and solidify their position in the market. Here's why allying with Keepnet Labs is a strategic move for solution providers:

5.1. The Competitive Edge of a Robust Human Risk Management Solution

1. Holistic Security Approach: While many cybersecurity solutions focus on technological defenses, Keepnet Labs emphasizes the human element, offering a more comprehensive approach to security. Providers can offer clients a 360-degree security strategy by integrating Keepnet Labs' HRM solutions.

2. Staying Ahead of the Curve: The cybersecurity landscape is in constant flux, with new threats emerging daily. Keepnet Labs' commitment to continuous research, updates, and innovation ensures that partners always have access to cutting-edge solutions, setting them apart from competitors.

3. Enhanced Credibility: Associating with a recognized leader like Keepnet Labs enhances a solution provider's credibility in the market, signaling to clients and stakeholders that they prioritize top-tier solutions.

4. Unified Platform: Gartner highlighted a significant shift in the cybersecurity landscape. The once-popular "best of breed" approach was lacking, leading to organizations grappling with the challenge of consolidating their security vendors. This move towards consolidation wasn't merely driven by budgetary constraints or a push for procurement efficiency. Instead, the primary motivators were the urgent need to reduce system complexity and significantly enhance an organization's risk posture.

A staggering 75% of organizations were actively pursuing security vendor consolidation, emphasizing the magnitude of this trend. Keepnet Labs emerged as a beacon of innovation and strategic foresight in this context. Recognizing the industry's needs, Keepnet Labs took a decisive step by amalgamating nine distinct solutions under a single, unified platform.

5.1.1. This unified approach offers multiple advantages

  • Simplicity in Complexity: By bringing together multiple solutions, Keepnet Labs provides organizations with a streamlined, integrated platform, eliminating the challenges of managing disparate systems.
  • Enhanced Risk Posture: With a unified platform, organizations can have a more holistic view of their security landscape, allowing for better threat detection, response, and mitigation.
  • Operational Efficiency: A unified platform reduces the overheads associated with managing, updating, and training staff on multiple systems, leading to operational efficiencies and cost savings.

Cybersecurity threats are multifaceted and ever-evolving, and the value of a unified platform, like the one offered by Keepnet Labs, becomes immeasurable. It addresses the immediate challenges highlighted by industry leaders like Gartner and positions organizations for future success in cybersecurity.

5.2. Enhancing Your Value Proposition through Partnerships

1. Comprehensive Offerings: By integrating Keepnet Labs' solutions into your portfolio, solution providers can offer clients a more comprehensive suite of services catering to a broader range of cybersecurity needs.

2. Customization and Scalability: Keepnet Labs' platform is designed to be adaptable, allowing providers to tailor solutions based on client size, industry, and specific requirements.

3. Collaborative Innovation: Partnering with Keepnet Labs opens the door to collaborative research and development opportunities, allowing solution providers to co-create bespoke solutions that address emerging challenges.

4. Access to Expertise: Keepnet Labs boasts a team of seasoned cybersecurity experts. Partnering with us provides solution providers with a reservoir of knowledge and expertise, enhancing your consultancy and implementation capabilities.

6. Testimonials and Case Studies: A Testament to Success

The true measure of a partnership's value often lies in the real-world successes it yields. Here are a few testimonials and case studies that underscore the benefits of partnering with Keepnet Labs:

1. MTI: "Since integrating Keepnet Labs' HRM solutions into our offerings, we've seen a 40% increase in client acquisition. Their platform has enhanced our product suite and positioned us as leaders in the cybersecurity domain."

2. Computacenter: "Our collaboration with Keepnet Labs has been transformative. Their continuous support, training, and expertise have allowed us to deliver unparalleled value to our clients."

3. Rainnetworks: “When a major client of us faced a sophisticated phishing attack, the integration of Keepnet Labs' solutions enabled swift identification and mitigation. Post-incident analysis and training modules ensured that our client's team was better prepared for future threats, leading to an up to 60% reduction in human-induced vulnerabilities”.

4. Cyber Education: “Partnering with Keepnet Labs allowed us to offer unique human-centric cybersecurity solutions, leading to a 30% increase in market share within two years.”

5. Forgify: “When looking for an HRM Partnership, Keepnet Labs was the standout choice. Unique, relevant, and the only solution we saw to help mitigate current and future threats through Voice, SMS, and the ever-evolving Phishing landscape.”

For technology firms aiming to elevate their market position, enhance their offerings, and deliver unmatched value to their clients, partnering with Keepnet Labs is a strategic imperative. The combination of Keepnet Labs' expertise in HRM and a solution provider's capabilities creates a synergy poised to redefine industry cybersecurity standards.

7. Conclusion

The technological defenses—though sophisticated and essential—represent just one facet of a multifaceted challenge. As we've navigated through the complexities of the digital age, one truth has emerged with undeniable clarity: the human element, with all its unpredictability and potential for error, plays a pivotal role in the overall security posture of any organization. The vulnerabilities introduced by human actions, behaviors, and decisions can often overshadow even the most advanced technological threats. This underscores the critical importance of HRM in today's cybersecurity landscape.

The digital threats of the modern era are not just evolving; they are becoming increasingly targeted, leveraging human vulnerabilities to breach even the most fortified defenses. Whether it's a meticulously crafted phishing email, a social engineering scam, or simple oversights like weak passwords and misconfigurations, the human factor is invariably at the epicenter of many security breaches. Addressing this requires a paradigm shift from solely technology-centric solutions to a holistic approach that encompasses human behavior, psychology, and organizational culture. In this context, the significance of a robust HRM strategy cannot be overstated.

For organizations and technology firms aiming to fortify their defenses and stay ahead of the curve, the choice of a partner becomes clear. Keepnet Labs offers a unique value proposition for you as a solution provider with its deep expertise, innovative solutions, and unwavering commitment to addressing the human aspect of cybersecurity. By integrating Keepnet Labs' state-of-the-art HRM Platform, organizations enhance their security posture and position themselves as forward-thinking leaders in the cybersecurity domain.

The synergy between technological defenses and human-centric solutions will define the future of cybersecurity. And in this journey, partnering with trailblazers like Keepnet Labs will be the key to building a secure, resilient, and prosperous digital future.

8. Next Steps

The challenges are many, but so are the opportunities for those willing to take proactive steps towards a safer digital future. If you represent a technology firm committed to excellence, innovation, and offering unparalleled value to your clients, then the path forward is clear: explore partnership opportunities with Keepnet Labs.

If you're ready to redefine cybersecurity standards, bolster your offerings, and embark on a journey of collaborative growth, then the time to act is now. Contact Keepnet Labs and see our dedicated partnership team is on standby, ready to guide you through the process, answer any queries, and help you unlock the myriad benefits of aligning with Keepnet Labs.

SHARE ON

twitter
linkedin
facebook

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.