< ciso
brief />
Tag Banner

All news with #human risk management tag

57 articles

Professional athletes, wearables, and privacy risks

🔒 Wearables raise acute privacy concerns for professional athletes because biometric data can directly affect livelihoods. While such data can aid training and injury prevention, access by coaches, teams, or leagues risks misuse in discipline, contract negotiations, and betting markets. Experts warn commercialization could enable gamblers and teams to exploit sensitive signals like sleep or heart rate, and aging or injured players may be most vulnerable. Legal and ethical safeguards remain unresolved.
read more →

Breaking the Cycle of CISO Burnout and Resilience

🔒 When a major cyber incident occurs the CISO becomes the invisible CEO of crisis, making high‑pressure decisions while managing stakeholders and operational recovery. This intense role, combined with limited strategic influence and short tenures, drives burnout and turnover across EMEA. Preparation through exercises, clear measures of risk and a permanent strategic seat at the table are essential to build sustainable resilience.
read more →

Cybersecurity Professionals Reporting Increased Job Strain

🔐 A new report from ISSA and Omdia, surveying 380 practitioners, finds 68% of cybersecurity professionals say their jobs have become harder in the past two years. The study highlights that >70% are excluded from key technology decisions, with rising involvement from IT operations and platform engineering (79%) and tech choices made without cyber input (72%). Work-related stress is significant: 69% report work-life balance challenges and 47% have considered leaving due to stress. Respondents point to leadership commitment, compensation, and career support as key factors for job satisfaction.
read more →

Cybersecurity teams strained by lack of training time

🔒 A global ISC2 study of nearly 1,000 enterprise security leaders finds training budgets have risen but staff lack time to complete upskilling. AI is the top emerging skill organizations are addressing, yet practical barriers—competing workloads, outdated content, and trainer shortages—limit participation. Leaders urge protected, scheduled learning time and managerial support to make training effective.
read more →

Bayer overhauls security awareness for AI era

🧭 At Infosecurity Europe 2026, Bayer CISO Kevin Jones outlined a shift from checklist-based guidance to psychology-first security awareness to counter AI-enabled social engineering. The firm mandates behavior-focused training, ties AI access to role-based modules, and gates agent development behind completion. Bayer is moving SOCs toward supervised automation and updating supplier contracts and governance to enforce AI transparency and controls.
read more →

Chilling Effects: How Fear Is Reshaping Speech

📰 Chilling effects—the self-censorship and restraint people adopt under threat—are spreading across U.S. campuses and institutions in response to the Trump administration’s punitive tactics. Students, professors, journalists, researchers and cultural organizations report altering speech, research and programming to avoid legal, immigration, and institutional reprisals. The authors argue these effects are intentional, part of a broader strategy that leverages surveillance, uncertainty, and abuse of power to produce conformity and weaken democratic checks.
read more →

Incident-hardened CISOs earn greater trust

🔍 ISC2 research of 796 cybersecurity professionals shows that leaders who've managed real, high-profile incidents gain greater credibility. Over three quarters agreed such experience boosts trust, with 35% strongly agreeing. The survey finds outcome or blame of the prior incident is less relevant than the experience itself. Respondents emphasised a blend of technical and strategic skills, plus clear communication and team development.
read more →

Reframing Burnout as a Cybersecurity Risk

🛡️ Cybermindz warns that burnout among cyber professionals should be treated as a measurable operational risk rather than only a wellness concern. Their survey of 101 practitioners found frequent burnout and high emotional exhaustion, while their iRest® training study across 275 participants showed improved sleep, reduced exhaustion and lower attrition risk. Founder Peter Coroneos argues a risk-based framing can secure resources and support resilience.
read more →

One in Eight UK Employees Admit Selling Corporate Logins

🔒 A Cifas survey of 2,000 UK employees at firms with 1,000+ staff found 13% admitted to selling corporate logins in the past year or knew someone who had. The report highlights even higher tolerance among senior managers and executives, with justification rates rising to 32-43% and 81% for business owners. Cifas urges organisations to build fraud-aware cultures and deliver counter-fraud training to curb insider risk.
read more →

CISOs Rethink Hiring as AI Widens Skills Shortage Now

🔒 A persistent cybersecurity skills shortage is forcing CISOs to change hiring, training, and architecture decisions as AI amplifies attack scale and complexity. ISC2’s 2025 workforce study found 95% of organizations report at least one skills gap and nearly 60% call those gaps critical or significant. Leaders are turning to internal upskilling, automation, and role transitions, while balancing trade-offs between best-of-breed tooling, integrated platforms, and multicloud complexity.
read more →

The Fake IT Worker Threat CISOs Must Address Urgently

🛡️ Hiring fraud has produced thousands of fake IT workers who gain trusted access and create serious insider risks. Companies such as Amazon report coordinated attempts tied to state actors, while researchers like SentinelOne and vendors observe AI-enabled deepfakes, synthetic identities and stolen US credentials used to pass recruitment checks. Organizations must treat remote hiring as an access-control problem: strengthen identity screening, enforce staged trust, and deploy continuous post-hire telemetry and behavioral detection.
read more →

Top Sales Challenges Costing MSPs Cybersecurity Revenue

🔍 The article identifies five go-to-market barriers that prevent managed service providers (MSPs) from converting growing cybersecurity demand into predictable revenue. It argues many MSPs emphasize technical findings and frameworks rather than translating risks into business outcomes, leaving security positioned as a cost rather than a strategic investment. Cynomi's GTM Academy Complete Sales Kit is presented as a practical, operator-led playbook to align sales and technical teams, quantify ROI, and expand existing accounts through targeted discovery, scoring, and playbooks.
read more →

Human-centric Failures: Why BEC Survives Despite MFA

🔒 Multi-factor authentication reduces credential risk but does not stop many business email compromise (BEC) attacks, because adversaries target human decision points and process gaps rather than accounts. High-profile cases — Toyota Boshoku (2019, ≈$30M) and Arup (2024, ≈$25M) — show attackers using cloned messages and deepfakes without stealing credentials. Organizations should redesign approval workflows, require out-of-band verification for high-risk requests, run realistic BEC simulations, embed micro-learning, introduce purposeful friction and assign clear ownership of payment verification to close operational blind spots.
read more →

Only 34% of Cyber Pros Plan to Stay With Employers

🔍Only 34% of cybersecurity professionals plan to remain with their current employer, according to a survey of 500 respondents by IANS and Artico Search. The report finds that flexible work models, visible leadership support, and structured career development influence retention more than absolute pay. Hybrid schedules, mentorship, and modern tooling help reduce burnout and turnover.
read more →

Cyber Threat Literacy Tops Global People Risks 2026

🛡️ Marsh's 2026 People Risks report, compiled from interviews with over 4,500 HR and risk professionals across 26 markets, finds cyber-threat literacy is the top global people risk, with technological change, tech skills shortages and AI-related mindset barriers also ranking highly. The report highlights mishandling of data and low employee security awareness as persistent threats that can increase exposure to breaches and reputational damage. Marsh recommends reframing cyber risk to cover OT, HR and third-party systems, recruiting cyber talent, building a cyber-centric culture, reducing fatigue, and ensuring human oversight with robust governance and insurance cover.
read more →

Most Cybersecurity Staff Feel Undervalued and Underpaid

🔍 Over three quarters of cybersecurity professionals did not receive a pay rise last year, and roughly half report feeling undervalued, according to the Harvey Nash Global Tech Talent & Salary Report. Only 45% expect a pay increase in the next 12 months, placing information security professionals among the most pessimistic about pay prospects. Just 22% said their organisations increased cybersecurity resources after high-profile incidents, driving dissatisfaction and turnover risk.
read more →

CISOs Must Innovate to Retain Cybersecurity Talent

🔒 A new 2026 Cybersecurity Talent Report from IANS and Artico Search warns CISOs must be aggressive and innovative to retain staff amid a volatile jobs market. Based on interviews with over 500 US cybersecurity professionals, the study found only 34% plan to stay in their roles while 43% are considering a change, with turnover intent higher among senior staff. The report links job satisfaction to career progression, compensation movement and work-life balance, and highlights hybrid working and visible senior support as key retention drivers.
read more →

A Taxonomy of Cognitive Security and Reality Pentesting

🧠 Bruce Schneier highlights K. Melton’s recent framework on cognitive security, cognitive hacking, and “reality pentesting.” Melton organizes cognition into five architectural layers—sensory interface, neurocompiler, mind kernel, the mesh, and cultural substrate—and shows how fast, unconscious processes (Kahneman’s System 1) create exploitable backdoors. The taxonomy frames human perception as an IT-like attack surface and suggests practical implications for testing, defense, and threat modeling.
read more →

Rethinking Human Risk: Awareness Isn't a Control, Period

🔒 Organizations frequently treat security awareness training as a control, but this article contends it is primarily a cultural measure that cannot guarantee consistent outcomes. While training and phishing simulations reduce risk at the margins, they do not eliminate human variability or stop sophisticated business email compromise, credential harvesting, and modern MFA bypass techniques. The author recommends engineering systems to assume human fallibility—through phishing-resistant authentication, enforced financial controls, continuous identity telemetry, and real-time anomaly detection—so a single mistake cannot cause material harm.
read more →

Low-Cost Steps to Strengthen Your Security Posture Now

🔒 This piece presents eight practical, low-cost measures CISOs and security teams can deploy to materially improve enterprise protection. Recommendations emphasize better enforcement of MFA, fuller use of existing tool capabilities, regular tabletop exercises, and adoption of passkeys for high-risk users. The focus is on disciplined execution, configuration, and human risk management rather than large new purchases.
read more →