Rethinking Security Training With A Human Risk Management Approach
What's the one area in cybersecurity that is overdue for change? It's security awareness training.
After three decades of underwhelming results, it's clear that security awareness programs haven't kept up with today's threat landscape. Human error remains the leading cause of data breaches, with Mimecast reporting that 95% of data breaches involve user mistakes. While those numbers remain stubbornly high, conventional training methods fail to instill lasting behavioral change.
If we want security awareness to truly protect organizations, we need to rethink everything—from how we structure training, to the metrics we track, to what 'success' actually looks like. It's time to stop measuring attendance and start measuring action. By focusing on adaptive learning, personal accountability and measurable outcomes, we can evolve security awareness from a compliance checkbox into a core defense mechanism.
Why Legacy Training Fails To Deliver
For years, security awareness relied on outdated tactics like annual training modules and phishing simulations. These tools often create a false sense of progress while leaving companies exposed when behavior doesn't shift.
The problem isn't just outdated content—it's one-size-fits-all structure. Most organizations deliver the same training to every employee, regardless of job role, risk exposure or history of security missteps. Expecting uniform outcomes from workers with vastly different responsibilities is both unrealistic and ineffective.
Worse, the metrics used to assess these programs are often meaningless. Completion rates and engagement scores track participation, not progress. It's time to prioritize behavior and results, not just check-the-box compliance.
What Human-Centric Training Should Look Like
To truly reinvent security awareness, organizations need to move from static, one-dimensional programs to those that empower employees and respond to evolving risks. Grounded in a human risk management framework, this new approach should center on three pillars:
The calendar-based model no longer works. Cyberthreats evolve rapidly, and training must evolve with them—meeting employees at the point of risk.
Just-in-time learning is essential. If an employee clicks on a risky link, a prompt that explains the mistake and offers safer alternatives helps cement the lesson when it matters most.
Threat-responsive updates are just as vital. Security programs should shift with threat levels—deploying phishing alerts during surges or ransomware simulations when relevant. Even simple interventions, like monthly nudges, help keep good habits top of mind.
Not all employees face the same risks. Senior leaders are often targeted by spear-phishing. Developers may encounter credential-harvesting threats. Yet most training programs treat all employees the same.
A more tailored approach improves both relevance and retention. This can be achieved by taking the following steps:
• Categorize employees by their risk level (low, medium, high) based on job role, access level and past behavior.
• Use real user data to shape future training and deliver targeted feedback or additional simulations for those who have fallen for phishing attempts.
• Create transparent risk profiles that show employees how their behavior compares to peers (e.g., "You are two times more likely than your peers to click a phishing link.") to promote self-awareness.
Customization doesn't just drive better results. It shows employees that the training applies directly to their day-to-day challenges—and empowers them to reduce risk on their own.
One of the biggest shifts needed is how we define success. Vanity metrics like completion rates won't cut it. Focus instead on data points that reflect behavioral change and reduced risk outcomes, including:
• Reduced successful phishing attacks over time
• Improved password hygiene (e.g., reduction in reused or weak credentials)
• Decreased risky activities, like installing unapproved apps or mishandling sensitive data
• Tangible economic benefits, such as lower remediation costs or fewer downtime events
Behavior-based metrics are not only more meaningful—they drive continuous improvement by showing what's working and where to focus next.
Creating A Culture Of Accountability
Modern security awareness must build trust, not fear. Employees shouldn't be punished into compliance—they should be brought into the process as active defenders.
Give them visibility into their own progress. Simple dashboards or comparative banners (e.g., 'You're in the top 10% for secure behavior!') drive motivation and clarity.
Recognition matters too. Celebrate employees who report phishing attempts or avoid traps. Positive reinforcement builds morale—and reinforces the right habits.
When employees feel invested and informed, participation turns into ownership.
Reframing Awareness As Human Risk Management
Security awareness is just one part of a broader human risk strategy—but it's a high-impact opportunity hiding in plain sight. The poll results are clear: Industry frustration is high and legacy methods no longer serve.
By shifting toward adaptive, personalized and outcome-based training, organizations can finally address the human vulnerabilities that attackers exploit most. When done right, security awareness doesn't just educate—it protects.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Digital Trends
5 minutes ago
- Digital Trends
RTX 40-series GPUs just got smoother gameplay with Nvidia's latest update
Out with the old, in with the new. According to Board Channels, Nvidia has now halted production for nearly all of its best graphics cards as it shifts focus to the RTX 50-series. Only one GPU remains in production, and some of the cards that are the most in demand are no longer being produced. Nvidia hasn't officially announced that it's sunsetting the RTX 40-series, but we've been hearing more and more reports that imply that might be the case. The RTX 4090 was among the first cards to go out of production, and the discontinuation appears to have immediately affected the markets. Nvidia's behemoth flagship was hard to come by at the best of times, and now, as no more new units are being produced, it's safe to assume that this situation won't improve. The cheapest RTX 4090 I could find on Amazon costs nearly $2,000, but you can still snag one for $1,900 at Newegg .
Yahoo
13 minutes ago
- Yahoo
Here Are My Top 2 Mining Stocks to Buy Now
Key Points Newmont is catching tailwinds from record-high gold prices, delivering record free cash flow in Q2. MP Materials has secured major deals with the DoD and Apple, but faces near-term revenue pressure. 10 stocks we like better than Newmont › Mining companies have a reputation for being boom or bust. They can be defensive, cyclical, and -- if you pick right -- pretty rewarding over the long haul. Invest in Gold American Hartford Gold: #1 Precious Metals Dealer in the Nation Priority Gold: Up to $15k in Free Silver + Zero Account Fees on Qualifying Purchase Thor Metals Group: Best Overall Gold IRA Right now, two mining stocks that stand out to me are Newmont (NYSE: NEM) and MP Materials (NYSE: MP). One is a gold miner with a huge global presence and a gold market that's tilting in its favor. The other is America's rare-earth champion, or, rather, one of the few domestic sources for metals critical to defense, tech, and clean energy. The first leans on demand that's been around for centuries, while the second is still out to prove its story. Let's start with the steadier of the two. 1. Newmont Newmont is the world's largest gold miner, with operations spanning five continents. It's about as close to a blue-chip gold stock as you can get, with steady cash flow, global scale, and a front-row seat to the gold price show. Speaking of which, gold prices have been on a tear in 2025. Just consider this: the average quarterly price for an ounce of gold hit an all-time high of $3,280.35 in June, an increase of 40% year over year and 15% from the previous quarter. JP Morgan now sees gold prices crossing $4,000 by the second quarter of next year, while Goldman Sachs is projecting a range of $3,650 to $3,950. If either of those predictions comes true (and let's be clear -- they are only predictions), strong tailwinds would fluff up the sails of Newmont. Already, the company has sailed high on the strength of gold this year. In Q2, it turned out about 1.5 million attributable ounces at an all-in sustaining cost (AISC) of $1,375 per ounce -- good enough to deliver a record $1.7 billion in free cash flow. That kind of cash covers the dividend (currently yielding about 1.45%) and funds a $3 billion stock buyback program. Shares are up nearly 80% this year on the back of those results, yet Newmont still doesn't look expensive. Its enterprise value is just over 6.5 times earnings before interest, taxes, depreciation, and amortization (EBITDA), below the industry's usual 7-to-8 range and under its own long-term average. With gold's backdrop this strong and a healthy balance sheet, Newmont seems like a good buy for the long term. 2. MP Materials MP Materials runs the only rare-earth mine in the United States, which produces elements like neodymium and praseodymium (NdPr). These metals are essential for producing high-strength magnets used in everything from smartphones to electric vehicles to wind turbines and fighter jets. Currently, China is the dominant producer of these and other rare-earth metals. But MP Materials' Mountain Pass mine in California could give the U.S. a strategic foothold in securing its own supply chain. That fact alone has opened doors: a major Department of Defense contract that includes a price floor for NdPR at $110 per kilogram and a $500 million supply deal with Apple for magnets used in its devices. Production has been ramping up fast. In the second quarter of 2025, MP Materials' NdPr production reached 597 metric tons, a record high. And with management expecting production to rise 10% to 20% over the next quarter, that record might not last. Meanwhile, losses narrowed more than expected, with a $0.13 per-share loss more favorable than the $0.20 that was forecast. Still, a lot of questions remain, especially after MP Materials' decision in April to halt all exports to China, historically its biggest customer. The bet is that government contracts, Apple's magnet orders, and new buyers in the U.S., Japan, and South Korea will more than make up the difference. But the company will have to start selling more refined products instead of raw concentrate, which is problematic considering that its 10X Facility is still years from opening. At the stock's current price, its forward price-to-earnings ratio of about 24 times already bakes in a lot of expectations for growth. That's rich for a miner in transition, especially one that's trading short-term revenue for the promise of downstream integration. For now, MP remains a high-risk, high-reward bet on U.S. supply chain independence -- worth watching, for sure, but best kept as a small holding of a portfolio. Should you invest $1,000 in Newmont right now? Before you buy stock in Newmont, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and Newmont wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $649,544!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $1,113,059!* Now, it's worth noting Stock Advisor's total average return is 1,062% — a market-crushing outperformance compared to 185% for the S&P 500. Don't miss out on the latest top 10 list, available when you join Stock Advisor. See the 10 stocks » *Stock Advisor returns as of August 13, 2025 JPMorgan Chase is an advertising partner of Motley Fool Money. Steven Porrello has no position in any of the stocks mentioned. The Motley Fool has positions in and recommends Apple, Goldman Sachs Group, and JPMorgan Chase. The Motley Fool recommends MP Materials. The Motley Fool has a disclosure policy. Here Are My Top 2 Mining Stocks to Buy Now was originally published by The Motley Fool
Yahoo
28 minutes ago
- Yahoo
Navatar Unveils AI-Powered CRM That Meets M&A Advisors Where They Work From Outlook to Slack to CRM: Investment Banking's First Truly Embedded Intelligence Platform For Salesforce
Leveraging Salesforce's Agentforce and Microsoft Copilot, Navatar Automates Data Entry and Turns Activity into AI-Driven Intelligence LONDON and NEW YORK, Aug. 19, 2025 (GLOBE NEWSWIRE) -- Navatar, the leading platform for private markets, today announced the launch of its next-generation, fully AI-powered CRM purpose-built for M&A advisory firms. The new platform combines intelligence, automation, and usability—solving one of the biggest challenges firms face when trying to put AI to work: data. A recent Business Insider article warned: 'AI intensifies data flaws rather than solving them,' noting that data is one of the top reasons AI projects fail. For many advisory firms, legacy CRMs have made that problem worse—requiring tedious data entry that bankers inevitably avoid. As a result, most of the useful intelligence remains trapped in inboxes, documents and individual banker memory. Navatar solves this by automatically capturing and structuring activity from emails, call notes, LinkedIn, Slack, documents, public domain and third-party data—including relevant benchmarks, market comps, and triggers from the public internet—turning your team's daily activity into structured, usable intelligence for AI to operate on—turning your team's daily activity into structured, usable intelligence for AI to operate on. AI Where You Work: Inside Outlook, Navatar, or Slack Navatar combines the best of Salesforce AI (Agentforce 3)and Microsoft Copilot so dealmakers no longer need to log into a CRM to get intelligence. Whether working inside Outlook, Navatar or Slack, users receive real-time insights, recommendations, and automation—all natively delivered in the tools they already use. Leveraging Salesforce's Agentforce, Navatar ensures that all proprietary client and deal information remains private and compliant, never shared with or exposed to public AI models. Firms get the power of generative AI with the security of an enterprise-grade, private data environment. Within Microsoft Outlook Smart Contact Insights – See who knows the contact, related mandates, and past interactions directly in your inbox. Email Summarization & Next Steps – AI condenses long threads and suggests follow-ups, tasks, and next steps. Deal Context at a Glance – View associated mandates, stage, and buyer/seller lists without logging in. Automated Meeting Prep – Get AI-generated briefs from emails, calendar events, and CRM activity. Activity Capture – Sync emails, calendar and meetings to the right deals and clients automatically. Within Navatar Thematic Sourcing – Identify sectors and companies likely to transact by analyzing market signals, including public news, filings, and web-based benchmarks. Buyer/Seller Matching – Predict the most likely matches based on past transactions and strategic fit. Relationship Intelligence: Auto-map referral paths, warm intros, and deal team connectivity using AI across your team's network. Document Intelligence – Extract key terms, risks, and data from documents and models. Pipeline Intelligence – Generate AI summaries for pipeline reporting. Task Automation – Auto-create follow-ups based on conversation or document triggers. Within Slack CRM Alerts in Slack – Get real-time updates on mandates, buyer interest, and client activity. Conversation Linking – Tag Slack threads to deals, clients, or contacts. AI Channel Summaries – Capture highlights and actions from busy deal channels. Push to CRM – Log notes or tasks in Navatar directly from Slack. AI Use Cases for M&A Advisory Firms Navatar's AI transforms every stage of the advisory workflow: Deal Origination – Thematic sourcing, buyer/seller matching, relationship mapping, competitive intelligence. Pitching – AI-generated buyer lists, pitch deck content, market comps, and tailored sector heatmaps. Execution – Document review, data room analysis, call summaries, buyer engagement scoring. Client Coverage – Contact enrichment, coverage risk alerts, cross-sell opportunity detection. Market Intelligence – Real-time alerts, comps/multiples tracking, buyer watchlists. Workflow Automation – Automatic activity logging, task creation, and compliance trails. About Navatar Navatar (@navatargroup) powers leading investment banks, M&A advisory firms, and alternative asset managers with cloud CRM solutions purpose-built for private markets. Now fully AI-powered, Navatar captures intelligence automatically and delivers insights directly into Outlook, Slack, and CRM—turning every interaction into firmwide knowledge. Built on Salesforce and integrated with Microsoft Copilot, Navatar eliminates manual data entry, unifies relationship context, and orchestrates complex deal processes—without disrupting how bankers work. Backed by over two decades of CRM expertise, Navatar is used by hundreds of global firms to win more mandates, deepen coverage, and execute faster. For more information, visit Sales TeamNavatarsales@ in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
