International Cyber Expo International Cyber Expo
  • About Us
Friday, 17 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

by Guru Writer
July 17, 2026
in News
CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging
Share on FacebookShare on Twitter

More than three-quarters of European CISOs believe their C-suite doesn’t fully understand the cyber risk posed by their own employees, a gap that’s widening just as AI makes attacks on human judgement faster, more convincing and harder to spot.

That’s according to new research from MetaCompliance, the human cyber risk management firm, which polled 200 CISOs across the UK, France, Germany and Sweden. The picture it paints is of security leaders trying to hold the line on human-layer risk without the consistent senior backing, clear ownership, or shared understanding they need to do so.

AI is changing what CISOs are worried about

The survey found that among CISOs who feel less confident about their organisation’s cyber resilience than they did a year ago, AI-enabled social engineering was the single biggest reason cited, named by almost half of that group. It’s a sign that attackers are moving away from crude, easily-spotted phishing and towards convincing impersonation and fraud attempts generated at scale.

Employees, unsurprisingly, remain squarely in the firing line. More than two in three CISOs still rank their own staff as the biggest security risk to the business, suggesting AI isn’t creating a new problem so much as turbocharging an old one.

Specific concerns bear that out:

  • Over 40% of CISOs are worried AI is increasing the speed and impact of social engineering attacks
  • 40% fear staff are feeding sensitive data into generative AI tools
  • 41% are concerned about malicious insiders using AI to enable fraud, cybercrime or data theft
  • In the UK specifically, deepfake impersonation stands out as a top worry — more than half of UK CISOs flagged it as a major threat, the highest figure of any country in the study

Support from the top doesn’t stick

Where the research gets more uncomfortable for boardrooms is on backing. Almost four in five CISOs (79%) say leadership enthusiasm for security awareness programmes tends to fade once the initial push is over, and 76% say they’re stuck trying to satisfy different stakeholders who all want different human-risk metrics. Roughly a quarter point to cross-functional alignment as one of the areas they feel least confident managing.

James Mackay, CEO of MetaCompliance, said AI has changed the stakes: “Attackers are no longer relying on obvious scams or poorly written phishing emails. They can now create highly convincing impersonation attempts, social engineering attacks and fraudulent communications at scale.”

He argued that puts a premium on sustained executive engagement rather than one-off initiatives: “Human cyber risk is no longer just an awareness issue or a training issue; it is a strategic business risk… If leadership support fades after the initial push, organisations are left exposed.”

Where CISOs go from here

Improving resilience against AI-driven social engineering is now a stated priority for the year ahead, with close to a quarter of CISOs naming it as a key focus. Mackay suggested the shift needs to be structural rather than seasonal: organisations that fare best will treat human risk as an ongoing management discipline rather than a periodic training exercise, giving employees real-time, contextual support at the moment a risky decision is actually being made, rather than relying solely on annual training modules.

The findings come at a moment when AI-generated phishing, deepfake voice and video, and synthetic impersonation are becoming difficult to distinguish from genuine communications — putting fresh pressure on security teams to secure top-level buy-in before the next wave of attacks arrives.

ShareTweet
Previous Post

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol