As many as 90 per cent of security breaches involve human error or social engineering.
So how do we reduce the risks from human behaviour?
In this, the second of our short series exploring the links between human behaviour and security, we look at the emerging field of human risk management.
If we don’t understand the risks, we can’t reduce them. But how do we, at a business level, categorise those risks?
Human risk management is all about creating a better understanding of where the risks are, and which behaviours are risky. By using real-world data, its advocates say it easier to design and target counter measures, such as training.
And it allows organisations to tailor their security and privacy measures to their own risk appetite.
Our guests this week are Lev Lesokhin and Charlotte Jupp, of OutThink – an firm that’s pioneering human risk management.
They discuss what human risk management involves, and how security teams can make use of it, with editor Stephen Pritchard. Part of the skill is being effective, without breaching employee privacy, or “being creepy”.
Image by wal_172619 from Pixabay