AI-driven advances are making social engineering, deepfakes and phishing attacks increasingly difficult to recognise for what they are – so much so that even experience is no longer a reliable safeguard. As a result, people are firmly in the crosshairs, and traditional security measures are struggling to keep pace.
According to the Verizon Data Breach Investigations Report, 74% of all security breaches can be traced back to human actions – whether through social engineering, everyday mistakes or deliberate misuse of privileges. Technical safeguards alone cannot mitigate this risk. They are essential, but without targeted awareness and training, investments in firewalls, EDR and SIEM leave a critical vulnerability unaddressed.
- Understanding new attack methods: How cybercriminals use social engineering, deepfakes and phishing to target employees – and why technical safeguards alone are not enough.
- Building effective security awareness: What effective training strategies look like in practice, and how gamification and simulations support lasting behavioural change.
- Strengthening compliance and organisational protection: Which regulatory requirements apply and how targeted awareness measures support long-term resilience.
- Meeting regulatory obligations and insurability requirements: What NIS2, ISO 27001, TISAX and KRITIS demand – and why cyber insurance increasingly requires security awareness training.
Employees are a critical factor in modern security strategies and must be integrated in a structured manner, just like technical solutions.