Data leakage is mainly due to industrial espionage, hacktivism, disgruntled employees, problems in processes, and human error. Considering that most industrial espionage and other cyber attacks use social engineering in some form to gain entry to target IT systems, it is clear that despite increasing levels of automation, the human factor continues to be an important element to consider in securing critical data and defending against a broad range of cyber-attacks.

The human factor in cybersecurity was a key theme at this year’s KuppingerCole Analysts’ Cybersecurity Leadership Summit, which featured presentations on a wide range of related topics, including the reasons people get hacked, the need to transform employees from being cyber risks into cyber defenders, how to address the security risks associated with employees, and how to ensure you have the people with the right skills to defend your organization from cyber-attack.

We can’t lose sight of human error because it still causes most of our security breaches. And so, everything we can do to reduce the reliance on humans or ensuring that we are able to teach people the right practices around security is going to continue to be extremely important.

— Rinki Sethi, CISO, Twitter.


Developing greater security awareness at Twitter is one of the proudest achievements of CISO Rinki Sethi. Find out what she has to say about tackling the human aspect of cybersecurity and overcoming the toughest challenges in transforming security culture in this Fireside Chat at the 2021 Cybersecurity Leadership Summit.

Research shows that 91% of successful attacks start with careless employees and a phishing email. For a perspective on what makes employees vulnerable and what can be done about it, have a look at this presentation on the Three Major Reasons Why Your People Get Hacked.

For a further discussion of risky human behaviors and how to address them, watch this presentation entitled: Humans, the Exhaust Port of Cybersecurity.

Much of the social engineering used in cyber-attacks is aimed at stealing user credentials. An effective way to counteract this is to eliminate the use of, or at least the reliance on, passwords for security. To find out more about how to do this, watch this presentation entitled: What Does a Passwordless Future Look Like?

The Covid-19 pandemic has impacted the way we work in many ways, and this has implications for cybersecurity. For a discussion on how the pandemic has forced cybersecurity experts to include the human element in the equation in a different way, look at this presentation on How the Cyber Risk Estimation Changes if the Human Element is Considered.

Cybersecurity leaders recognize that employees routinely do the wrong things for the right reasons, and that they need support to become defenders. For an in-depth exploration of this topic, have a look at this presentation entitled: Staff are one of your biggest cybersecurity risks, but also your first line of defense. Investment in awareness and training is a key element of this approach, as explained in this presentation entitled: Be the Human Firewall - Evolution of an Awareness Program and this presentation entitled: Ongoing Training: Human Firewall.

The topic of making people the first line of defense is further explored in this presentation on the Future of Work, while this presentation entitled: Cybersecurity: The Operational Illusion, explores why it is mainly the embedding of security values in corporate culture and corporate governance that should drive the transformative efforts around cyber security, and will lead ultimately to effective cyber resilience.

To find out why an effective program aimed at countering the insider threat must not only break down the siloes and incorporate all aspects of security, but also incorporate predictive behavioral indicators, watch this presentation entitled: Insider Threat 3in1: New Normal for Corporate Security.

Research shows that young and inexperienced professionals have the highest likelihood of getting successfully exploited by cyber attackers. For guidance on how to deal with this, watch this presentation entitled: The Human Factor of a Security Culture in a Start-up.

Keeping cyber resilience high while transforming your business digitally is a challenging task, because it requires organizations to increase cybersecurity expertise at a time when skills are scarce and expensive. Also, many businesses are making mistakes when hiring, leading to difficulties filling open positions and retaining existing staff. To find out what those mistakes are and how to avoid them, watch this panel discussion on Fighting the Cybersecurity Jobs Crisis.

For an analyst’s perspective on the human factor in cybersecurity, have a look at this video blog entitled: The wrong click: it can happen to anyone, and for other perspectives from past events, have a look at this presentation on The human factor in Cyber Security - Creating a cyber aware culture, and this presentation on Social Engineering - Exploiting the Human Factor.


If you would like to read short, concise takes on the topic of the human element in cybersecurity by our analysts, have a look at these blog posts entitled: Cybersecurity Awareness – Are We Doing Enough?, and Really! Stop Your Employees Using Smart Phones!, which discusses what practical measures can be taken to ensure that employees can use smartphones in a way that is secure.


The insider threat is widely considered a key threat vector. For a discussion of the insider threat within this wider context and some recommendations on how to address this and other threats, have a look at this Leadership Brief on Top Cyber Threats.

Choosing a secure platform for current and future cloud projects can be challenging. To help make this decision, including a focus on the insider threat, have a look at this Whitepaper on Safeguarding Your Most Valuable Data: Five Key Criteria to Assess Cloud Provider Security.

Data-centric security is an alternative approach towards information protection that has emerged as a direct response to the increasingly obvious failure of traditional measures focusing on protecting IT infrastructures. For guidance on how the layered security approach combined with unified visibility and analytics helps make data-centric security a reality, including a focus on the insider threat, have a look at this Whitepaper entitled: Why Your Organization Needs Data-centric Security.

When it comes to counteracting the internal threat, Privilege Management in all its variations is a must for any organization. For an in-depth discussion on privileged account management challenges, building blocks, and action plans, have a look at this Whitepaper on Protecting the keys to your kingdom against cyber-attacks and insider threats.

Underlining that the insider threat needs to be considered in all IT environments, this Whitepaper on Understanding and protecting critical infrastructure makes recommendations for cyber defense in this context to address relevant threats, including insider threats.

Even the largest enterprises, with massive IT budgets and large teams of security experts, still struggle with controlling and protecting their APIs. There are many reasons for this, including the human factor, which are discussed in this Whitepaper on The Dark Side of the API Economy, which includes recommendations for addressing these issues to improve API security.


Research shows that most ransomware infections occur due to human errors, such as opening malicious email attachments. For more about the human element in the context of ransomware attacks, have a look at this Advisory Note on Understanding and Countering Ransomware.

Blockchains are generating interest as a workable alternative for electronic interactions between systems, individuals, and organizations. For perspectives on the role blockchains could play in addressing insider threats, have a look at the Advisory Notes on Blockchains and Cybersecurity: Augmenting Trust with Algorithms, and Blockchain and Risk.

In addition to the Whitepaper mentioned above, the human element in the context of protecting critical infrastructure is explored in this Advisory Note entitled: Making critical infrastructures in finance industry fit for the age of cyber-attacks.

While most cyber attacks that are enabled by insiders are enabled unwittingly, there are also attacks facilitated by malicious insiders. This type of insider threat is considered in this Advisory Note on Trends in Privileged Access Management for the Digital Enterprise.


Countering insider threats has been the focus of several webinars. Review the list below and choose those that best meet your needs or interests:

Tech Investment

Our analysts have written reports on various cybersecurity market segments aimed at helping organizations find the solutions that best meet their needs. The two that are the most relevant in terms of dealing with the insider threat are the Leadership Compasses on Network Detection & Response (NDR) and API Management and Security.

In addition to the Leadership Compass reports mentioned above, organizations investing in technologies to address the insider threat can have a look at some of the related technology solutions that we have evaluated: