Most organisations fail to measure their human cyber risk. Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed...

read more