While boardrooms fixate on threat intelligence, zero-days and compliance frameworks, they consistently underestimate the human layer.
pressure – alert overload, 24 / 7 incident response demands and fear of being the person who‘ missed something’. That cognitive and emotional burden doesn’ t just affect wellbeing; it directly degrades security outcomes.
Fatigued analysts miss alerts. Pressured employees cut corners on access controls. Staff afraid of accountability delay reporting incidents – sometimes catastrophically so.
As technology advances, the attack surface widens, but the human nervous system doesn’ t scale with it. Automation and AI tools help, but they also introduce new complexity that staff must interpret and manage – often with inadequate training or support.
Business leaders tend to treat cybersecurity as a technology investment problem. It isn’ t. It’ s equally a people resilience problem. Burnout, fear culture and lack of psychological safety in security teams are as dangerous as an unpatched vulnerability.
The fix isn’ t just better tools – it’ s better leadership, realistic workloads, blameless post-incident cultures and genuine investment in the humans defending the organisation.
Daryl Flack, Partner at Avella Security:
The most overlooked cybersecurity risk facing organisations today is the emerging Quantum Computing threat to cryptographic systems and long-term data security.
Across industries, awareness of quantum risk remains patchy. While some sectors, particularly critical national infrastructure, are beginning to engage, many organisations are still at a very early stage of understanding what quantum capability means for their environments.
For decades, cryptography has been the quiet constant of digital infrastructure. That stability has created a false sense of security, an assumption that encryption‘ just works’ or that it is a problem for the future.
The reality is more immediate. The greatest exposure lies in long-lived and confidential data: legal records, medical research, state secrets and sensitive corporate archives that must remain secure for decades. Adversaries are already pursuing‘ harvest now, decrypt later’ strategies, exfiltrating encrypted data today with the expectation it can be unlocked when quantum capabilities mature.
The transition to quantum-safe cryptography represents a once-in-a-generation shift, and one that is deeply complex. Cryptography is embedded across applications, networks, devices and operational systems, often with limited visibility.
The UK’ s National Cyber Security Centre has set out a clear roadmap – discovery and planning by 2028, migration of priority systems by 2031 and full transition by 2035 – but waiting is not a viable strategy.
Cynthia Overby, Director of Strategic Security Solutions, zCOE at Rocket Software:
Supply chain cybersecurity is all too often being overlooked by organisations, as evidenced by a series of crippling cyberattacks in recent times. 2025 saw several high-profile retailers targeted by financially motivated ransomware groups, with a number of breaches happening in quick succession via the supply chain. This wave of attacks was able to hit so hard because it caught most businesses unprepared.
Indeed, a UK government survey on cybersecurity breaches from 2025 found that just over one in 10 businesses said they reviewed the risks posed by their immediate suppliers( 14 %) and fewer than one in 10 were looking at their wider supply chain( 7 %).
Assessing and protecting the supply chain is a new challenge for most organisations. IDC research revealed that only 61 % of organisations classified as‘ IT modernisation experts’ are actively planning how to address any potential infrastructure supply chain disruptions.
In reality, protecting the supply chain should be a top priority for all enterprises, regardless of the maturity of their IT environment. Organisations need policies and procedures to identify, assess, onboard, monitor and offboard third-party suppliers in order to mitigate supply chain risk. Nothing
26 WWW. INTELLIGENTCISO. COM / MIDDLE-EAST