{"id":213111,"date":"2026-05-13T01:32:00","date_gmt":"2026-05-13T05:32:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/13\/why-reducing-human-risk-in-the-ai-era-demands-shared-accountability\/"},"modified":"2026-05-13T06:25:12","modified_gmt":"2026-05-13T10:25:12","slug":"why-reducing-human-risk-in-the-ai-era-demands-shared-accountability","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/13\/why-reducing-human-risk-in-the-ai-era-demands-shared-accountability\/","title":{"rendered":"Why Reducing Human Risk in the AI Era Demands Shared Accountability"},"content":{"rendered":"

Why Reducing Human Risk in the AI Era Demands Shared Accountability<\/a><\/p>\n

https:\/\/www.cybersecurity-insiders.com\/why-reducing-human-risk-in-the-ai-era-demands-shared-accountability\/<\/a><\/p>\n

Publish Date: 2026-05-13 01:32:00<\/a><\/p>\n

Source Domain: www.cybersecurity-insiders.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Cyber risk has outgrown the security function.
\nCISOs are accountable for outcomes they can\u2019t fully control. The behaviors driving human risk happen everywhere: in HR, in finance, in the C-suite. The CISO can build the program, but when a CFO approves a wire transfer without questioning urgency, or a developer pastes proprietary code into an unvetted AI tool, the CISO bears the fallout of decisions they had no seat at the table for.
\nAccountability structures haven\u2019t caught up to the threat reality.
\nFor years, \u201chuman risk\u201d was treated as a training problem centered on phishing clicks and weak passwords. But human risk is neither evenly distributed nor isolated to awareness gaps. According to research,\u00a0 just 10% of users account for 73% of organizational risk. Human-initiated incidents also remain the leading driver of breaches, accounting for 74% of all incidents. And with AI embedded into enterprise workflows, the consequences of a single human error can escalate faster than most organizations are structured to contain.
\nThat shift makes the human element an organizational design problem.
\nThe Human Element Is a Systems Challenge\u00a0
\nHuman risk exists at the intersection of behavior, identity, access, and threat exposure. The signals that indicate elevated risk are distributed across systems that historically operate in silos, including identity platforms, endpoint tools, HR systems, collaboration environments, and security operations. Most organizations still lack a centralized way to measure and operationalize human risk across those environments.
\nAt the same time, many of the decisions that shape organizational risk happen outside the security team entirely. Managers influence employee behavior and policy adherence. Department leaders approve access and operational exceptions. Employees make daily decisions around data handling, AI usage, and security practices. Yet accountability for those outcomes is rarely shared or measured consistently across the organization.
\nAI Is Forcing a Workforce-Wide Reckoning
\nAdversaries are using AI to craft hyper-personalized attacks at scale. Email security has advanced , so adversaries go where the defenses aren\u2019t. SMS and messaging platforms reach employees outside the corporate perimeter, on personal devices, at all hours. The attack surface is now personal and persistent, not just professional.
\nAt the same time, employees are using AI tools across everyday workflows in ways security teams haven\u2019t fully mapped. Most organizations have rolled out a sanctioned AI stack like Microsoft Copilot or a handful of approved tools, but employees are experimenting far beyond that perimeter. The gap isn\u2019t malicious, it\u2019s.operational. People are trying to work faster, solve problems quicker, and keep pace with growing demands. But the data flowing through those unvetted tools \u2014 customer records, internal IP, financial projections \u2014 doesn\u2019t stop at the approved boundary.\u00a0
\nAnd most companies think they have an AI strategy when\u00a0 they actually have an AI awareness gap.
\nWhat Shared Accountability Looks Like
\nThe most mature organizations are building shared accountability models, with concrete ownership across functions:<\/p>\n

HR owns behavioral change programs: onboarding, role design, training, and the performance conversations where security expectations live or die.
\nLegal owns AI governance: clear acceptable use tied to role and data access, and the policy framework employees actually operate within.
\nThe CISO owns risk visibility and measurement: correlating data across SIEM, EDR, and Identity & Access into a single view of human risk, and reporting outcomes to the board.
\nIT and Engineering own the systems: identity and access provisioning, technical guardrails on AI tools, and the workflows where secure behavior is easy or hard.
\nBusiness leaders own the risk appetite: defining where friction is acceptable and where speed wins.<\/p>\n

Accountability has to reach individuals. The most effective programs translate correlated risk data into scorecards at three levels \u2014 individual, manager, and team. Each employee sees their own risk score and the specific behaviors driving it. Each manager sees their team\u2019s score against company benchmarks and closes the gap. Teams compete with other teams, creating the kind of fun, competitive culture sales and customer support have built around scoreboards for decades, and security has rarely tapped.
\nReal-time data extends accountability further. When an individual is being actively targeted by a sophisticated phishing campaign, or when behavioral signals indicate elevated risk, the right response is a timely nudge in Slack or Teams, with training and context tailored to the moment. An educated employee who knows their risk and knows they are being targeted is the strongest defense.
\nAI Governance Has to Be Behavioral, Not Just Policy-Based
\nMost organizations have written an AI policy \u2013 that\u2019s table stakes. The gap is enforcement and culture.
\nWhat works is a combination of three things: clear acceptable use definitions tied to role and data access, real-time guidance that meets employees where they work rather than relying on annual training, and continuous measurement so leaders can see risk trends and course-correct. The companies doing this well treat AI governance the way mature security teams treat vulnerability management: as a continuous process, not a one-time document.
\nIf the secure path is also the frictionless path, adoption follows.
\nWhat This Means for the Board and the CISO
\nAI safety is a board-level conversation now, not a security team checkbox. Boards already recognize cyber risk as a business issue. Regulatory scrutiny continues to increase, customers expect demonstrable resilience, and the operational complexity AI introduces touches every business function.
\nThe most effective security leaders are no longer trying to own every aspect of cyber risk directly. Instead, they are building the operating model that enables every function to participate in reducing risk, with shared accountability, measurable outcomes, and a unified view of human risk across the workforce.
\nThis evolution toward measurable, organization-wide human risk reduction is one reason Human Risk Management has become a rapidly maturing category, with Living Security recognized as a leader in the Forrester Wave for Human Risk Management.
\nCyber risk has become a business-wide challenge.The operating models organizations build next will determine how effectively they manage it.
\n\u00a0<\/p>\n

Join our LinkedIn group Information Security Community!<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Why Reducing Human Risk in the AI Era Demands Shared Accountability https:\/\/www.cybersecurity-insiders.com\/why-reducing-human-risk-in-the-ai-era-demands-shared-accountability\/ Publish Date: 2026-05-13…<\/p>\n","protected":false},"author":1,"featured_media":213112,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cybersecurity-insiders.com\/wp-content\/uploads\/AI-1-2.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,25,27],"class_list":["post-213111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213111"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213111"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213111\/revisions"}],"predecessor-version":[{"id":213113,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213111\/revisions\/213113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213112"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}