Date: 2025-09-09

We tend to think of cybersecurity as being a technology problem, but in fact it’s often about humans. Attackers exploit our weaknesses with social engineering, phishing and other attacks designed to trick us into giving up valuable information.

A new whitepaper released today by KnowBe4 looks at the core principles of a modern human risk management (HRM) approach and how organizations can apply the framework to strengthen security culture and drive measurable change in employee behavior.

Separate from an HRM platform, the HRM framework is defined as a strategic, people-centric approach to cybersecurity that measures, manages and reduces the security risks created by human behavior. The new framework comes as a direct response to the escalating cyber landscape, where human behavior continues to be a primary attack vector.

The whitepaper outlines a number of core principles aimed at building an effective HRM approach. These include measuring and benchmarking to understand current human risk levels within an organization using a baseline assessment. In addition, it suggests creating a culture where security is a shared responsibility, not just an IT concern; delivering tailored training and coaching based on individual risk profiles; and using intelligent AI-driven technology to provide real-time feedback, personalized insights and automated interventions.

"While security training remains a vital component of any defense strategy, it is time we shift towards human risk management as a holistic approach," says Javvad Malik, lead CISO advisor at KnowBe4. "This means putting people at the heart of every security decision, using processes that work with them rather than against them and continuously adapting strategies based on real-world behavior. Instead of creating static rules, an HRM approach seeks to understand the motivations and daily pressures that guide employee decisions, empowering them to make safer choices and contribute to a modern security culture."

You can download the full whitepaper from the KnowBe4 site.

