Human Risk Management

A framework for human-related cybersecurity risk

Transform Human + AI Risk into Measurable Defense

Cybersecurity starts with people—and now includes the autonomous AI “co-workers” acting alongside them. The Human Risk Management Framework gives you a practical, evidence-based way to identify, quantify, and reduce cyber risk across both your human workforce and AI agents, before incidents happen.

Discover how to proactively manage cyber threats with a people-and-AI-first security framework.

Cybersecurity Still Has a Blind Spot: People + AI Agents

  • Despite the fact that 3 out of every 4 security breaches involves human actions, most frameworks focus only on devices and threats—not the workforce itself.
  • Even people-focused security programs tend to fixate on phish clicks or training completions—missing the full picture of human risk.
  • A true lens into risk must account for both people and their AI co-workers, ensuring that organizations can govern the blended workforce shaping today’s cybersecurity landscape.

Get Started with Human Risk Management

Framework

A framework that gets above the noise and surfaces actionable indicators of risk.

To mitigate human risk, you need to map out and see the entire surface of human risk exposure. This comprehensive, vendor-agnostic framework maps out that surface into 15 categories, with over 500 observable, measurable, and actionable indicators or risk.

Methodology

Research that looks across the data in typical environments to identify risk that matters.

Modern enterprises rely on a wide array of technologies across security, IT, and even HR. Each holds a piece of the human risk puzzle, but none of them alone has the full picture. Our approach looks across a broad set of data to surface risk that matters.

Learn from the Field, Grow with the Community

Case studies and peer collaboration to help you evolve your human risk strategy.

Blog & Case Studies

Explore real incidents, lessons learned, and success stories that show human-centric risk insights in action.

HRM Community

Join a growing network of security leaders, analysts, and practitioners sharing strategies for human-centric cyber defense.

Discover Your HRM Maturity

The Human Risk Management (HRM) Maturity Model provides a clear roadmap to evaluate your current capabilities, benchmark against industry best practices, and chart a path toward stronger, measurable human-centric defense.

Stay Updated

Get the latest insights on human risk management delivered to your inbox. Join our community of security professionals.