CyAN-Sky Thinking Session #3: Humans as the “Weakest Link”: Will the Future of Cyber Security be Einstein’s or Frankenstein’s?

On Thursday 17 December at 9:30 am Brussels / 7:30 pm Sydney, CyAN will hold its third CyAN-Sky Thinking Session on a fundamental issue: we the Humans and our role as a strong element of cybersecurity.

Humans as the “Weakest Link”: Will the Future of Cyber Security be Einstein’s or Frankenstein’s?

Thursday 17 December, 9:30 am Brussels / 7:30 pm Sydney

– A 60′ virtual and interactive session among peers –

The issue

The overwhelming majority of modern cyber threats have one common denominator: people. Over 2/3 of all cyber threats involve at least some element of social engineering (i.e., tricking people into doing something they ARE NOT supposed to do, or making them fail to do something they ARE supposed to do).

However, many cybersecurity problems are addressed using technology (i.e., a “patching with tech” approach) and by employing “zero-trust” systems, which may often be productivity-inhibiting. As a result, cyber security systems become less and less understandable to humans, but do not become more effective.

Billions are spent annually on new cyber security software, software updates, and cyber security insurance. Security awareness training charges individuals thousands. Yet cybercrime does not disappear; in fact, the number of cases and the damage increase. Key to these issues is the wrong mindset that portrays humans as the “weakest link” in the cyber security chain.

The purpose of this panel is to facilitate a broad discussion on how to change this mindset and achieve effective “patching with people” business strategies.


  1. How should employees be motivated to care about cyber security?
  2. Organizations write and approve security policies, which they expect their employees to comply with. Is it possible for these policies to be sufficient given the mismatch between the policy development process and the evolving nature of threats?
  3. Is it possible to train people to spot phishing messages given the increasing sophistication of these messages?
  4. Ethical hackers are constrained by their ethical code of conduct. Cyber criminals are not. Is this mismatch problematic, in terms of carrying out realistic pen tests?
  5. Should there be consequences for an employee who falls for a phishing message?
  6. What is the difference between resistance and resilience in cyber security? And – how do we maximise both?
  7. Is there a precedent from other fields for moving towards a Human-as-Solution mindset?

The panelists

Ganna Pogrebna, Professor of Business Analytics & Data Science, Alan Turing Institute and editor of CyberBitsEtc!; Bronwyn Boyle, Head of Security & Assurance, Open Banking; and Karen Renaud, Chair of Cybersecurity at Abertay University, will engage in a dialogue with Peter Coroneos, VP International of CyAN and CEO of ICON Cyber, as moderator.

What is a CyAN-Sky Thinking Session?

Its name originates from blue-sky thinking, which means thinking with an open mind.

In a 1-hour online session, panellists from different parts of the world exchange views and learn from each other. They prepare their interventions to make the conversation as useful as possible to a multi-disciplinary audience of professionals, but they do so with humility by bringing more questions than answers. They speak openly to learn, not to preach. The worst-case scenario is that they come away from the session with fresh ideas and feel energised by the other panellists. The ideal scenario is that they get inspired by the participants from the broader community.

How to participate?

This online session is open to all members of CyAN, and also to other cyber professionals who apply at least 48 hours in advance by email sent to contact[at] The organisers reserve the right to approve or decline applications.