
Dr Jason Nurse
Reader in Cyber Security, University of Kent
PRESENTATION
Here be Dragons
Exploring The Uncharted Territory of Human Risk Management (HRM) in Cybersecurity
Presentation overview
Security Awareness and Training (SAT) has been the industry standard for decades, yet more than 60% of breaches still involve a non-malicious human element. Practitioners know the struggle: compliance-focused quizzes, low engagement, and difficulty proving long-term effectiveness. Enter Human Risk Management (HRM), the industry’s hottest new trend. But is HRM a revolutionary data-driven approach, or is it just rebranding to resell old training methods?
In this session, we unpack the first empirical study of HRM in cyber security. Based on in-depth interviews with CISOs and security practitioners, we reveal the real-world state of the market. We will explore conflicting industry perspectives: those who view HRM as a mere marketing relabeling, and those utilising it as a holistic, “whole-system” approach that leverages real-time data to predict and mitigate risk. This talk goes beyond the buzzwords to offer a concrete vision for the future of human-centric security. We will discuss moving away from the “weakest link” narrative and toward a model of automated, just-in-time behavioral interventions. Attendees will also leave with a clear understanding of the potential barriers to watch out for, such as resource burdens and data complexity, and actionable strategies to transition their organizations from passive awareness to active risk management.
Biography
Dr Jason R.C. Nurse is a Reader in Cyber Security in the Institute of Cyber Security for Society and the School of Computing at the University of Kent. He also holds the roles of Associate Fellow at The Royal United Services Institute (RUSI), Visiting Fellow in Defence and Security at Cranfield University, and Research Member of Wolfson College, University of Oxford. His research interests include human aspects of cyber security, security culture, cyber harms, ransomware, cyber insurance, and corporate communications and cyber security. Dr Nurse has published over 120 peer-reviewed articles in prestigious security journals, and his research has been featured in national and international media including the BBC, Associated Press, The Wall Street Journal, The Washington Post, Newsweek, Wired, The Telegraph, and The Independent. Prior to joining Kent in 2018, Dr Nurse was a Senior Researcher in Cyber Security at the University of Oxford and before that, a Research Fellow in Psychology at the University of Warwick.