Established research and newer data show that basic personnel challenges such as poor training, understaffing, and lack of awareness contribute significantly to cyber risk.

January 25, 2024

People Problems: The Human Element of Cyber Risk

ISS-Corporate People Problems: The Human Element of Cyber Risk

Below is an excerpt from ISS-Corporate’s recently released paper “People Problems: The Human Element of Cyber Risk”. The full paper is available for download from the ISS-Corporate online library.

The recent high-profile cyberattacks on MGM Resorts International and Caesars Entertainment – both enabled by social engineering – serve to underscore the role of human failure in exposing a company’s IT systems to bad actors. Recent research shows that about three quarters of cyber incidents involve some sort of human misstep. In this report, ISS-Corporate explores the connections between human skills, staffing, and cyber outcomes, and how monitoring data influenced by these factors can help organizations measure and assess their cyber breach risk.


  • Recent breach incidents provide strong anecdotal evidence of the crucial role that people play in maintaining cyber security.
  • Academic research shows a strong connection between cyber management skills and behaviors and successful security outcomes.
  • Current analyses of information regarding network configuration and website construction underscore the strong connection between inferred staffing skill levels, resourcing levels, management awareness, and security outcomes.
  • Analyzing incidence statistics (rates, ratios, and recurrence) of routine cyber security issues over time can help predict the likelihood of a future breach.

Read the full paper >

By: Douglas Clare, Managing Director, Cyber Strategy, ISS-Corporate

Share this