
Overcome the five poisons (Kleshas) of human risk management

by Jinan Budge
December 17, 2024
Photo by MART PRODUCTION: https://www.pexels.com/photo/team-of-businesspeople-looking-at-a-computer-monitor-8872390/


I am thrilled to announce Forrester’s Human Risk Management (HRM) Solutions Wave, which evaluates the nine most significant vendors in the HRM space. This Wave looks nothing like its predecessor, The Forrester Wave: Security Awareness And Training Solutions, Q1 2022, reflecting the fact that today’s HRM solutions look nothing like the Security Awareness and Training (SA&T) solutions of the past.


The Kleshas

Patañjali’s Yoga Sūtras identifies poisons, or afflictions, which are said to be the causes of suffering – the five Kleshas. These are ignorance, ego, attachment, avoidance, and fear of death. While they’re natural human conditions, they can hold us back. In yoga, understanding the Kleshas means identifying the mental patterns that hold us back as the first step in overcoming them.

We started the evaluation knowing that vendors and customers were at different stages of HRM adoption. What I didn’t realize then was how much resistance we would face, depending on where vendors were in achieving their own vision of HRM. As a leader, you need to understand the source of these five Kleshas to move towards a future that frees employees from security friction, influences security behavior, and instils a culture driven by data and evidence.


The five Kleshas of HRM

1. Avidya / ignorance – “human risk management is just rebranded SA&T”.  Far from the negative connotation, “ignorance” can simply mean to not know. I spent some time in this Klesha until I learned, and was able to articulate, the significant strategy, process, and technology shift of this new market. Many of my clients are in this Klesha, especially in parts of the world that lack more progressive HRM vendors and solutions. I proudly spend many of my hours helping them understand the new market.  

But not all vendors (or “influencers”) got the memo that HRM is now a distinct, well-defined, and expanding market. Be wary of vendors that suggest HRM is simply a rename of an old market (SA&T). Look for those that had the vision 2 years ago to anticipate and evangelize a better approach and future. Some vendors have made significant community contributions to advance the strategic direction of HRM, and built differentiated, free-for-all tools, models, and databases that demonstrate what the future looks like in practice.   

2. Asmita / ego – “we know what people need, and we’ve been very good at it – more training!”  Ego is a person’s or entity’s sense of self-importance. Instead of focusing on asking questions about the purpose of training, and whether it is truly succeeding at changing behavior and instilling a culture, some vendors use their size or prior success as proof that the market can continue to focus on training.   


Differentiate size from actual capability. Look for vendors that assume that advanced HRM capabilities are suitable for every customer, have a healthy pipeline in these advanced offerings, and invest in driving adoption. Some vendors plan on offering human risk scores to each customer to show them what’s possible, while others are investing in educating and rewarding frontline staff such as sales and customer success who progress customers on an HRM maturity journey.

3. Raga / attachment – “we all know that training people results in better outcomes.”  We don’t.  As an industry we’ve shown that we’re terrible at demonstrating the effectiveness of training. Yet we attach ourselves to statements that make us feel good because they are easy, well-ingrained, or required by outdated regulations.   

Rather than focusing on all the reasons you should continue with your SA&T, look for vendors that can show you HRM metrics which demonstrate behavioral change, risk reduction, or an improvement in overall security posture. Look for how security behaviors across the spectrum of security categories (email, social engineering, endpoint, etc.) have changed as a result of your interventions. Ask to see how behavioral change reduces the likelihood of cyber risks occurring, as well as how you can measure the impact of the risk or change the overall security posture.   

4. Dvesha / avoidance – “customers aren’t asking us about HRM.” This affliction involves avoiding situations which require extra resources, hard work, or moving towards a new future. It’s normal human behavior, as it can protect us from over committing and over investing – not everyone can afford to be an early adopter. However, be aware that inaction has consequences.  

Look for vendors that built their HRM capabilities long before you asked about them because they knew it was the right thing to do. They now use a comprehensive and accurate methodology to quantify human risk, which considers four key points – individuals’ actual behaviors, identity, personal attack exposure, and security knowledge and sentiment. These vendors invested in integrations to obtain data and drive interventions.  

5. Abhinivesha / fear of death – “Hold on to well established slogans – they’ve served us well.”  We can both reduce our reliance on people to protect themselves and our organizations and reduce the friction we’re imposing on them at the same time. For most of us, the thought of dying is scary and manifests as an instinctual survival drive. This means clinging to what’s familiar, even when these no longer serve one’s growth.   

Look for vendors that have demonstrated a track record and investment strategy for innovation in the more strategic elements of HRM. For example, all vendors will be investing their generative AI budgets to produce more/better content, but fewer are investing in behavioral prediction, which is where we need to invest to move to HRM.   

Originally posted on Forrester


Jinan Budge

Jinan Budge leads Forrester’s security and risk research in Asia Pacific. Her research focuses on enabling chief information security officers (CISOs) and technology executives to lead a high-performing security organisation and culture. Budge globally leads Forrester’s awareness, behaviour, and culture coverage, using strategic and innovative thinking to shape the market. She is also an advocate for diversity and inclusion in security. Budge focuses on ensuring that cybersecurity teams not only attract but also retain the best talent, and she brings a local and global perspective and cultural lens to her research and practice.

Previous Work Experience

Budge’s research remains pragmatic, as she recently returned to Forrester after several years as director of cyber strategy at Transport for NSW and a similar role with Qantas Airlines. She has built, stood up, and delivered significant Cyber Transformation strategies across the public and private sectors. She is an experienced people leader and international keynote speaker, and she's passionate about her purpose in the security field.

Education

Budge holds two bachelor’s degrees in science and commerce from the Australian National University.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl
