Human risk moves to the boardroom in an AESYC cybersecurity webinar

As cybersecurity threats continue to evolve, one message is becoming increasingly clear: human risk can no longer be treated as an auxiliary element of cybersecurity. It is a strategic risk that must be governed from the boardroom, alongside financial, operational, and regulatory risks.

This was a central theme of the recent webinar organized by AESYC – Alianza Española de Seguridad y Crisis, where Fernando Mateus, CEO of Kymatio, addressed how organizations can move beyond reactive approaches or awareness-only programs toward measurable, governable, and business-aligned models of Human Risk Management.

The session focused on several key areas shaping today’s risk landscape:

• The need to anticipate and measure human risk as an integral part of the corporate risk map.
• The role of indicators and metrics in avoiding “tick-the-box” security approaches that fail to reflect real exposure.
• The impact of regulatory frameworks such as NIS2 and DORA, which elevate the human factor to a matter of compliance, accountability, and executive responsibility.
• The growing exposure to advanced threats such as vishing, deepfakes, and executive impersonation, where human behavior becomes a primary attack vector.

Designed for Boards of Directors and senior leadership, the webinar provided a space for reflection on how behavior, security, reputation, and business outcomes are increasingly interconnected.

The full session is available on YouTube: https://www.youtube.com/watch?v=19wZ0c_VsNQ

‍