Human-Centric Security

“Data doesn’t walk out of the door of your organisations on its own. It’s people that end up making the mistakes or taking the data and information with them,” says Sumit Dhawan, Proofpoint’s CEO.

People have become the most vulnerable attack vector for threat actors to exploit. In turn, cybersecurity threats now predominantly target people instead of systems.

Human-centric security addresses this reality by focusing on the risks posed to an organisation’s greatest asset—its people—across all digital channels. “The most damaging cyber risks all centre around humans and their identities,” Dhawan adds. The data supports that claim: over 90% of breaches involve the human element, emphasising the importance of this strategy.

What Is Human-Centric Security?

Human-centric security is a comprehensive approach to cybersecurity that places people and their behaviours at the centre of security strategy rather than focusing primarily on networks, endpoints, or applications. It recognises that “threat actors no longer rely on exploiting network ports; instead, they target humans,” underscores Dhawan. “It’s the people that are creating a host of problems for us.”

This paradigm represents the third major evolution in cybersecurity, moving beyond the early perimeter-focused era and the subsequent proliferation of point solutions to create integrated architectures that protect what matters most: infrastructure, applications, data, and the humans who interact with them.

The objective of human-centric security is to mitigate all dimensions of human risk by understanding and addressing the complete spectrum of threats targeting individuals. In simple terms, the focus is on:

  • Stopping threats across messaging, collaboration, and social media apps
  • Securing SaaS applications and identity posture; preventing data loss with smarter, adaptive data security
  • Steering employees toward safer behaviours through educational security guidance

By implementing human-centric security, organisations can protect people and defend data across the various ways employees work—whether using email, collaboration tools, cloud apps, or web services.

The growing relevance of this approach stems from the dissolution of traditional security perimeters, accelerated by remote work trends and digital transformation. According to Forrester research, almost three-quarters of all data breaches involve a human element, making it clear that conventional security measures alone are insufficient. The human attack surface encompasses social and technical aspects, including demographics, vulnerabilities, liabilities, mediums, assets, and contexts that cyber criminals exploit.

Darren Lee, Executive Vice President at Proofpoint, defines human-centric security as “enabling the digital workspace ... We’re delivering advanced, preventive protection for the most important layer in the cybersecurity ecosystem—the human layer.” This shift acknowledges that while technology remains crucial, understanding and addressing human behaviour patterns, workflows, and potential vulnerabilities must be central to effective security strategies.

Traditional Security vs. Human-Centric Security

Traditional cybersecurity relies on perimeter defences like firewalls and antivirus software to block threats at network boundaries. While effective against known risks, these tools struggle with modern attacks targeting human behaviour—the root cause of 88% of breaches. Reactive by design, traditional methods often fail to address phishing, social engineering, or cloud-based identity sprawl, leaving gaps in today’s decentralised work environments.

Human-centric security flips this model by treating people as critical assets rather than vulnerabilities. Instead of rigid rules, it combines behavioural analytics and adaptive training to align security with how employees work. For example, Proofpoint’s AI-driven Nexus platform analyses trillions of daily interactions to detect anomalies in email, SaaS apps, and collaboration tools.

This approach reduces reliance on outdated perimeter defences by focusing on intent—like spotting risky app permissions or unusual data access patterns. It also fosters accountability through tools like Proofpoint’s platform, which automates personalised training for high-risk users, targeting the two-thirds of employees who knowingly put their organisations at risk, according to Proofpoint’s State of Phish Report.

Key Components of Human-Centric Security

Effective human-centric security requires a holistic strategy that addresses four interconnected pillars to ensure both technical robustness and behavioural resilience. These components work together to mitigate risks while aligning with how people interact with technology.

1. Threat Defence Across Human Channels

Modern threat protection prioritises communication platforms where human-targeted attacks proliferate: email, collaboration tools, social media, and cloud apps. Advanced systems leverage AI to detect multistage social engineering campaigns, credential phishing, and emerging threats like voice-based scams (vishing). By analysing behavioural patterns and correlating risks across digital workspaces, organisations can preemptively block attacks before they reach users.

2. Context-Aware Data Protection

Data security strategies must distinguish between accidental exposure and malicious intent. Human-centric systems apply dynamic policy enforcement based on user roles, data sensitivity, and workflow context. This approach reduces operational friction by minimising unnecessary alerts while automatically preventing high-risk actions like unauthorised file sharing or accidental cloud misconfigurations.

3. SaaS and Identity Risk Mitigation

As organisations grapple with SaaS sprawl and decentralised workforces, securing identity ecosystems becomes critical. Effective programmes continuously monitor authentication patterns, enforce least-privilege access, and identify overexposed attack paths in cloud environments. This includes automating permission reviews and detecting anomalous token usage to prevent lateral movement by compromised accounts.

4. Continuous Behavioural Reinforcement

Moving beyond compliance checklists, human-centric guidance embeds security coaching into daily workflows. Risk-adaptive training platforms deliver micro-lessons during high-exposure moments, such as when users interact with suspicious links, to reinforce safe practices. Personalised learning paths, informed by individual threat exposure histories, drive measurable behaviour change and reduce susceptibility to social engineering.

By integrating these components, organisations create a defence-in-depth strategy that hardens technical postures while fostering a security-conscious workforce. This dual focus ensures protection evolves alongside both attacker innovation and the dynamic ways people work.

Benefits of Human-Centric Security

Human-centric security strategies prioritise people as critical components of cybersecurity resilience, addressing vulnerabilities that purely technical solutions often miss.

1. Enhanced Security Posture

Focusing on human factors reduces 95% of cyber incidents linked to human error. Behavioural analytics tools monitor user activity—such as SaaS app permissions or anomalous login patterns—to detect threats like credential misuse or phishing attempts. Pairing this with adaptive training programmes, which tailor simulations to individual risk profiles, can reduce phishing susceptibility.

2. Stronger Security Culture

A human-centric model fosters a culture where employees transition from liabilities to active defenders. Gartner reports that organisations with a resilient security culture see 30% fewer security incidents than those without one. This shift ensures employees recognise threats like vishing or BEC and proactively report them.

3. Proactive Risk Mitigation

Human-centric security shifts organisations from reactive firefighting to predictive threat management. By leveraging behavioural analytics and AI-driven tools, companies can detect and mitigate risks before they escalate into full-blown incidents. This approach allows security teams to identify potential vulnerabilities in human behaviour and address them proactively.

4. Improved Operational Efficiency

Aligning security measures with human workflows minimises friction and improves operational efficiency. Context-aware protections and intuitive security tools reduce inadvertent disruptions to daily tasks while maintaining a high level of security. An operationally conscious approach enhances productivity while encouraging employees to actively participate in security practices.

5. Reduced Insider Threats

Human-centric approaches mitigate both accidental and malicious insider threats. Tailored training programmes address negligence, while behavioural analytics identify anomalies like unauthorised data access or unusual file transfers.

By prioritising human behaviour alongside technology, organisations align with Gartner’s projection that 50% of CISOs will adopt human-centric strategies by 2027. This shift transforms vulnerability into resilience, ensuring people become the cornerstone of cybersecurity defence.

Challenges and Considerations

Implementing human-centric security requires organisations to navigate complex cultural and operational shifts while balancing technological innovation with human behaviour. Below are key challenges highlighted by industry research and cybersecurity practices:

Cultural Shifts Required

Transitioning to human-centric security demands a fundamental change in organisational mindset. Traditional models often treat employees as vulnerabilities to control, but modern approaches require fostering shared responsibility where every individual actively participates in threat mitigation.

According to Proofpoint’s 2024 State of the Phish report, 96% of employees knowingly carry out risky actions despite understanding the security risks, with 71% admitting to behaviours like reusing passwords or clicking suspicious links. Success hinges on moving beyond punitive measures to strategies that build trust—such as transparent communication, non-punitive error reporting, and role-specific training.

Balancing Technology and Humanity

Human-centric security relies on advanced tools like AI-driven behavioural analytics, but organisations must avoid over-reliance on technology at the expense of usability. A Gartner survey revealed that 74% of employees bypass security protocols that hinder productivity, highlighting the risk of friction-heavy solutions.

Proofpoint’s Nexus platform addresses this by embedding threat detection into everyday workflows (e.g., email and collaboration tools), ensuring protections adapt to user context without disrupting productivity. However, maintaining this balance remains challenging. For instance, multifactor authentication (MFA) improves security but can frustrate users if poorly implemented.

Measuring and Sustaining Behavioural Change

Quantifying the impact of human-centric initiatives poses another hurdle. While tools like Proofpoint’s Attack Index help prioritise risks by analysing threat volume and user vulnerability, organisations often struggle to correlate training investments with reduced breach rates.

Continuous adaptation is critical, as threat actors constantly refine social engineering tactics. Proofpoint’s ZenGuide automates personalised learning paths for high-risk users, but sustaining engagement over time requires ongoing innovation to keep training relevant.

Addressing Identity Sprawl

The proliferation of cloud apps and collaboration tools has led to identity sprawl, where users manage dozens of credentials across platforms. This complexity increases the attack surface. Human-centric security solutions must streamline access governance without overwhelming users. Proofpoint addresses this challenge by extending protection to platforms like Slack and WhatsApp, which demand seamless integration with existing workflows.

Addressing High-Risk Users

“Everyone could pose risk to a business, but some users tend to be a higher risk than others,” warns Sarah Pan, Sr. Product Marketing Manager of Proofpoint. Organisations must pay special attention to high-risk users who pose significant security threats. Based on insights from Proofpoint’s research, three types of users represent the biggest risk:

  • Click-happy users: Prime targets for phishing and social engineering attacks; these individuals are prone to clicking links or attachments in emails without proper verification.
  • Frustrated users: Employees who view security measures as barriers to productivity often try to circumvent controls, potentially exposing the organisation to risks.
  • Negligent users: These employees believe security is not their responsibility, often disregarding best practices and only completing mandatory training without internalising its importance.

To mitigate risks associated with these user types, organisations should implement targeted training programmes, use behavioural analytics to identify risky patterns, and create a security culture emphasising shared responsibility.

Implementing Human-Centric Security: A Strategic Framework

Human-centric security requires a unified approach that prioritises both technical defences and human behaviour insights. Below is a current implementation strategy aligned with modern organisational needs and evolving threat landscapes.

1. Deploy Multi-Channel Threat Defence

Begin by identifying Very Attacked People—high-risk employees targeted through email, collaboration tools, or social media. Implement AI-driven threat detection systems that analyse communication patterns across these channels to block advanced attacks like QR code phishing, HTML attachment exploits, and AI-generated social engineering. Modern platforms use ensemble AI models to correlate risks in real time, neutralising threats pre-delivery and updating defences even if malicious links evolve post-delivery.

Key actions:

  • Map attack surfaces across messaging, cloud apps, and collaboration platforms.
  • Use behavioural analytics to prioritise protection for high-exposure roles (e.g., finance, executives).
  • Automate threat containment with models that adapt to new attack vectors, such as voice scams.

2. Enforce Context-Aware Data Protection

Shift from rigid data loss prevention rules to adaptive policies that distinguish accidental exposure from malicious intent. Systems should classify data dynamically based on user roles, workflow context, and data sensitivity. For example, automatically block unauthorised file transfers in cloud storage while allowing approved sharing in regulated channels.

Key actions:

  • Apply intent analysis to dramatically reduce false positives compared to traditional DLP.
  • Integrate data lineage tracking to monitor sensitive information across SaaS apps.
  • Align controls with compliance standards (GDPR, HIPAA) without hindering productivity.

3. Secure SaaS & Identity Ecosystems

Combat SaaS sprawl and identity risks by unifying access controls across hybrid environments. Implement continuous monitoring for authentication anomalies, over-privileged accounts, and misconfigured cloud permissions. Automated systems should enforce least-privilege access and revoke stale credentials to limit lateral movement.

Key actions:

  • Conduct quarterly access reviews for critical SaaS applications.
  • Detect and remediate exposed attack paths in cloud environments.
  • Integrate identity fabrics to streamline authentication across legacy and modern systems.
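As an added illustration of the step-3 checks above (example code, not Proofpoint’s own or any product API), the following Python sketch runs a quarterly review over constructed SaaS account records: it lists stale credentials to revoke, admin roles on idle accounts to downgrade, and first-seen sign-in countries to investigate. The record format, the 90-day and 30-day thresholds, and the sample accounts are all assumptions made for this example.

```python
"""
Quarterly identity-risk review over constructed SaaS account records.

Added illustration of the step-3 checks: stale credentials, admin roles on
quiet accounts (least privilege) and first-seen sign-in countries. The record
format, thresholds and sample data are assumptions for this example, not a
Proofpoint product or API.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple

REVIEW_DATE = date(2025, 4, 1)   # assumed date of the review run
STALE_DAYS = 90                  # a full quarter without a sign-in
QUIET_DAYS = 30                  # an admin role unused this long is suspect
ADMIN_ROLES = {"owner", "admin"}


@dataclass
class Account:
    user: str
    app: str
    roles: Set[str]
    last_login: Optional[date]                                # None: never signed in
    login_countries: List[str] = field(default_factory=list)  # oldest first


def stale_accounts(accounts: List[Account], today: date = REVIEW_DATE) -> List[str]:
    """Users whose credential has not been used for STALE_DAYS (or ever)."""
    cutoff = today - timedelta(days=STALE_DAYS)
    return sorted(a.user for a in accounts
                  if a.last_login is None or a.last_login < cutoff)


def over_privileged(accounts: List[Account], today: date = REVIEW_DATE) -> List[Tuple[str, str]]:
    """(user, app) pairs holding an admin role that has sat idle for QUIET_DAYS."""
    cutoff = today - timedelta(days=QUIET_DAYS)
    return sorted((a.user, a.app) for a in accounts
                  if a.roles & ADMIN_ROLES
                  and (a.last_login is None or a.last_login < cutoff))


def auth_anomalies(accounts: List[Account]) -> List[Tuple[str, str]]:
    """(user, country) where the latest sign-in country is absent from that user's history."""
    flagged = []
    for a in accounts:
        if len(a.login_countries) >= 2:
            *history, latest = a.login_countries
            if latest not in history:
                flagged.append((a.user, latest))
    return sorted(flagged)


def review_report(accounts: List[Account]) -> dict:
    """Group findings into the work items a quarterly access review would queue."""
    return {
        "revoke": stale_accounts(accounts),        # remove the credential
        "downgrade": over_privileged(accounts),    # strip the idle admin role
        "investigate": auth_anomalies(accounts),   # confirm with the user / IR
    }


# Constructed sample data: five accounts across three SaaS apps.
SAMPLE_ACCOUNTS = [
    Account("alice", "crm", {"admin"}, date(2025, 3, 28), ["GB", "GB", "GB"]),
    Account("bob", "crm", {"user"}, date(2024, 11, 15), ["GB"]),
    Account("carol", "hr", {"owner"}, date(2025, 2, 10), ["DE", "DE"]),
    Account("dave", "storage", {"user"}, date(2025, 3, 30), ["US", "US", "BR"]),
    Account("svc-backup", "storage", {"admin"}, None, []),
]

if __name__ == "__main__":
    for action, items in review_report(SAMPLE_ACCOUNTS).items():
        print(f"{action:12s} {items}")
```

In practice the account list would come from each application's audit or SCIM export, and the thresholds would be tuned per application criticality.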

4. Deliver Continuous Behavioural Guidance

Replace annual compliance training with adaptive learning that embeds security coaching into daily workflows. Use risk profiles to trigger micro-lessons during high-risk moments—like when employees interact with suspicious links—and provide real-time feedback through simulated phishing campaigns.

Key actions:

  • Automate enrolment in targeted training based on individual threat exposure.
  • Recognise and reward secure behaviours via employee dashboards.
  • Measure success through phishing susceptibility rates, not just completion metrics.

Sustaining the Programme

  • Benchmark and adapt: Compare security postures against industry peers and adjust controls quarterly.
  • Foster accountability: Equip leadership with metrics quantifying human risk (e.g., click-through rates, access policy violations).
  • Cultivate resilience: Build blame-free reporting channels and celebrate teams that demonstrate secure practices.

This framework transforms human-centric security from a reactive checklist to a proactive strategy, aligning technical controls with the realities of how people work. By focusing on these four pillars, organisations can simultaneously harden defences and empower employees to act as informed safeguards against evolving threats.

Future of Human-Centric Security

The realm of human-centric security is moving fast, driven by technological advancements and shifting organisational priorities. The focus on integrating human behaviour with advanced security frameworks has become paramount as cyber threats grow increasingly sophisticated. Below are key trends shaping the future of human-centric security.

AI and Machine Learning Integration

Artificial intelligence and machine learning are revolutionising human-centric security by enabling real-time behavioural analytics and predictive threat detection. Modern systems now leverage AI to establish baseline user behaviours, flag anomalies, and automate responses to suspicious activities. Machine learning models also personalise security training by adapting content to individual risk profiles.

The shift toward explainable AI (XAI) is critical for maintaining trust in these systems. Security teams require transparent AI decision-making processes to validate alerts and avoid misinterpreting false positives. Organisations like IBM emphasise the need for human-AI collaboration, where machine learning augments—rather than replaces—human expertise in threat analysis.

Continuous Threat Exposure Management (CTEM)

CTEM is a proactive approach to cybersecurity that prioritises real-time risk assessment and mitigation. It provides a holistic view of organisational threats that enables teams to prioritise risks based on potential impact. Gartner notes that CTEM helps organisations “walk the tightrope” between resource constraints and evolving threats by dynamically adjusting security postures.

This framework aligns with human-centric principles by focusing on user-centric risks, such as phishing susceptibility or misconfigured access rights, rather than solely on technical vulnerabilities. Its emphasis on continuous monitoring dovetails with identity fabric architectures, which unify access controls across hybrid environments. By correlating threat data with user behaviour analytics, organisations can rapidly isolate compromised accounts and minimise breach impacts.

Identity Fabric and Zero Trust Convergence

Identity fabric architectures are emerging as a cornerstone of human-centric security, particularly in multi-cloud environments. This framework integrates disparate identity and access management (IAM) tools into a unified system, providing centralised visibility into user privileges and activities.

The synergy between identity fabric and Zero Trust models is particularly transformative. Zero Trust’s “never trust, always verify” principle relies on continuous authentication, which identity fabrics facilitate through adaptive risk assessments. For example, AI-powered identity fabrics evaluate contextual factors like device posture and geographic location in real time, dynamically adjusting access permissions.

Platform Consolidation and Composable Security

The trend toward cybersecurity platform consolidation and integrated security stacks addresses the challenges of tool sprawl and operational complexity. Consolidated systems provide holistic visibility and enable security teams to correlate data across endpoints, networks, and identities more effectively. This translates to simpler security protocols for employees—fewer passwords to remember and unified dashboards for reporting incidents.

Composable security architectures complement consolidation by offering modular, adaptable frameworks. Gartner predicts that 50% of core business applications will adopt composable designs by 2027, necessitating security systems that can dynamically reconfigure based on evolving threats. This modularity supports human-centric strategies by allowing organisations to deploy context-aware controls—for instance, stricter authentication requirements for high-risk transactions while maintaining seamless access for routine tasks.

Continuous Learning and Adaptive Training

Anticipated to reach $10 billion by 2027, the security awareness training market reflects a growing recognition that static, annual training programmes are inadequate. Future-focused organisations are adopting continuous learning models where employees receive micro-lessons tailored to emerging threats. For example, CISA’s Federal Cyber Defense Skilling Academy emphasises hands-on simulations that mirror real-world attack scenarios, fostering muscle memory for incident response.

Advanced platforms now integrate training with behavioural analytics, automatically enrolling high-risk users in targeted modules. If an employee repeatedly fails phishing simulations, the system might assign mandatory workshops on email verification techniques. This closed-loop approach ensures training evolves alongside both organisational needs and attacker tactics.

How Proofpoint Can Help

Proofpoint delivers human-centric security through continuous innovation, deploying 80+ advancements in the past year alone to counter evolving threats like QR code phishing, malicious HTML attachments, and AI-generated social engineering. At the core of this approach is Nexus, an ensemble of AI models combining machine learning, computer vision, and proprietary language models. Unlike single-point solutions, Nexus operates across the entire threat lifecycle: blocking attacks pre-delivery, neutralising post-delivery risks via behavioural AI, and updating defences in real time even if malicious links evolve before being clicked.

This defence-in-depth strategy ensures protection adapts to both known and emerging tactics. For example, Proofpoint’s inline language model deciphers attacker intent across languages and contexts, while computer vision analyses embedded media like QR codes to preempt image-based scams. The system dynamically updates using trillions of data points from global threat intelligence, enabling it to filter routine threats with classic ML and escalate complex attacks to advanced detection layers.

By unifying pre-delivery semantic analysis, post-delivery adaptive controls, and click-time safeguards, Proofpoint provides end-to-end security that aligns with how modern threats target people. This multi-layered approach transforms human risk into organisational resilience—ensuring employees remain protected as attack methods shift. Contact Proofpoint to learn more.
