Cyber ICON 2026: Human Risk Management and real risk measurement in the age of AI

The acceleration of artificial intelligence, the rise of advanced social engineering, and the growing sophistication of attacks such as vishing are forcing organizations to rethink how cybersecurity is governed and managed. In this context, human risk is no longer a tactical concern, but a structural variable in security decision-making and corporate governance.

This perspective shaped the session
“Human Risk Management in the Age of AI: From Simulation to Real Measurement”,
held at Cyber ICON 2026, where Fernando Mateus, CEO of Kymatio, and Miguel Olías de Lima, Senior Manager in Cybersecurity at Deloitte, shared practical insights into how organizations are evolving toward more mature, measurable, and business-aligned human risk management models.

The discussion emphasized the importance of integrating human risk into the overall cybersecurity strategy, rather than addressing it in isolation or through reactive approaches. Measuring behavior and real exposure to risk was highlighted as a critical foundation for prioritizing decisions, allocating resources, and aligning security initiatives with business objectives.

Emerging threats such as executive impersonation, AI-driven attacks, and increasingly realistic vishing campaigns further underline the need for preventive, data-driven models that go beyond traditional awareness programs or disconnected simulation exercises.

Forums like Cyber ICON reinforce the shift toward a more strategic approach to cybersecurity one that treats people, processes, and technology as a single, governable system, closely connected to the real risk landscape organizations face today.

We would like to thank Cyber ICON and all professionals who took part in the session for contributing to a necessary and timely conversation on the future of Human Risk Management.