Cybersecurity 2025: The Year of the Human
Or Not
Last year at this time, I wrote about how things in cybersecurity were ripe for change. I was hopeful that 2024 would be the year of significant change in the industry, and while there has been some movement in the things I talked about (security leaders being part of the C-suite; expecting business leaders to understand security issues; workforce development focusing on skills), the change that actually took root was not so much about any of those things.
Instead, through policy initiatives and industry pressure, 2024 focused on how we might make technology, particularly software systems, inherently more secure, less fragile, and safer, and on taking the burden of knowing how to be secure off customers and users.
Hallelujah.
What Am I Talking About?
The old trope that humans are the weakest link in the cybersecurity defense chain has been conventional wisdom for a long time (search for “human error cybersecurity” to see all the articles about the problems with humans). The highly respected and often quoted 2024 Verizon Data Breach Report suggested that 68% of incidents were the result of the “non-malicious human element” — people who clicked on things, or opened a file, or accepted a fraudulent MFA push, among other things.