
KnowBe4 unveils framework for people-centric cybersecurity culture
KnowBe4 has released a new whitepaper outlining a strategic framework for human risk management in cybersecurity.
The document, titled "A Strategic Framework for Human Risk Management," sets out the core principles organisations can employ to strengthen their security culture and achieve measurable changes in employee behaviour. According to KnowBe4, the framework is intended as a response to an increasingly complex cyber landscape in which human behaviour remains one of the primary avenues exploited by attackers.
The framework emphasises a people-centric, strategic approach distinct from simply deploying a specific human risk management platform. KnowBe4 describes this model as an effort to measure, manage, and reduce security risks generated by everyday human activity in the workplace. The focus shifts away from traditional static security awareness programmes, advocating for a broader transformation in how businesses view and address risks associated with human factors.
Several key principles underlie the proposed human risk management approach. The first is to measure and benchmark existing human risk levels by carrying out baseline assessments. This enables organisations to understand where their most significant vulnerabilities lie in relation to employee behaviour.
Organisations are also encouraged to engage and empower staff, fostering a culture in which security is viewed as a collective responsibility rather than simply an issue for IT teams. The framework further suggests adapting and personalising interventions - such as training and coaching - to individual risk profiles, thereby increasing their effectiveness.
Artificial intelligence and automation also play a role in the model. Organisations are advised to implement intelligent, AI-driven tools to deliver real-time feedback and insights, alongside automated actions designed to intervene before small lapses develop into larger security breaches. A final core principle is the need to demonstrate value by measuring the impact of any HRM programme in terms of improving overall security posture and culture.
"While security training remains a vital component of any defence strategy, it is time we shift towards human risk management as a holistic approach. This means putting people at the heart of every security decision, using processes that work with them rather than against them and continuously adapting strategies based on real-world behaviour. Instead of creating static rules, an HRM approach seeks to understand the motivations and daily pressures that guide employee decisions, empowering them to make safer choices and contribute to a modern security culture," said Javvad Malik, Lead CISO Advisor at KnowBe4.
According to KnowBe4, the new framework has been designed to be both practical and adaptable to a range of organisational contexts and risk environments. The whitepaper lays out how businesses can move beyond one-size-fits-all training and awareness campaigns towards a strategy that tailors interventions and support according to role, risk profile, and current behaviours.
The company further details that HRM must become an ongoing, evolving process rather than a one-off project. By leveraging AI and automation, security teams are able to deliver interventions precisely when and where they are needed, as well as track improvements over time to demonstrate business value and compliance.
KnowBe4 states that the whitepaper is intended to support security leaders, IT professionals, and business managers in understanding both the necessity and the practicalities of developing a holistic human risk management programme. The company highlights that such an approach is especially important as attacks targeting human error, such as phishing, social engineering, and insider threats, remain prevalent across all sectors.
The introduction of the HRM framework aligns with ongoing efforts within the cybersecurity industry to promote a more comprehensive understanding of security that extends beyond technology to address the behaviours and pressures employees encounter daily. The guidance provided in the whitepaper aims to support organisations in making meaningful, data-driven adjustments to their security culture.
KnowBe4 reports being trusted by more than 70,000 organisations and provides an AI-driven platform that includes modules for awareness and compliance training, cloud email security, real-time coaching, and anti-phishing tools, among other features. The company maintains that empowering employees and providing tailored, timely information significantly reduces human risk factors, transforming the workforce from a security liability to an asset.