The human layer of security: Your first line of defence
Blog|by Leanne Bevan|2 October 2025

As online threats evolve, one thing remains constant: the human element is both the greatest asset and the weakest link in your security chain. As cyber threats become more sophisticated, it is crucial to recognise the importance of the human layer in your defence strategy. After all, your people are the guards of your fortress.
Understanding the human layer and human risk management
The human layer focuses on training your users to recognise and respond to cyber threats such as phishing, social engineering, and unsafe practices. Human error is a leading cause of security incidents, so education is key.
The importance of security awareness training
A report by Mimecast found that 95% of data breaches were caused by human error, often negligence in spotting phishing and social engineering, which are the top threats. Despite this, according to a government report, only 27% of UK organisations have budget aligned to security awareness training. This highlights a significant gap in how organisations are addressing the threat landscape.
Test your employee awareness with phishing simulations
Phishing simulations are an invaluable tool for assessing and training your employees on cyber security. By mimicking real-world phishing attacks, these simulations help employees recognise and respond to potential threats, thereby reducing the risk of successful cyber-attacks.
Regular phishing simulations can identify vulnerabilities within your organisation, allowing for targeted training and improvement. Moreover, they foster a culture of vigilance and awareness, ensuring that employees remain alert to the ever-evolving tactics used by cybercriminals.
Real-world impact
Consider the case of the Transport for London (TfL) cyber security incident in September 2024, caused by human error after an employee fell victim to a sophisticated phishing attack. This breach led to significant service disruptions across London’s transit network, affecting over 4 million daily commuters and costing TfL an estimated £35-£50 million in recovery costs, compensation claims, and lost revenue.
Building a strong security culture
Building a strong security culture requires a comprehensive approach. It’s not just about having the right technology in place; it’s about ensuring that every employee understands their role in maintaining security. Regular training, phishing simulations, and interactive modules can help track and assess how much awareness your employees have on a day-to-day basis.
Recommended solutions
Acronis’ security awareness training solution is designed to reduce human risk by educating users on real-world cyber threats. Their platform features interactive content, simulations, gamified learning, and risk scoring, making it easy to deploy and highly effective in enhancing your organisation's cyber security posture.
CyberSmart Learn is a scalable and customisable security awareness training platform. It offers real-time reporting, an expanded course library, and third-party integration. The upcoming CyberSmart Phish feature will allow you to run realistic phishing campaigns. Educate employees in real time, and track progress with detailed analytics.
ESET's new cyber security awareness training includes interactive modules, gamified quizzes, and role-playing scenarios to engage users and reinforce learning. ESET's training program covers a wide range of topics, including phishing, malware protection, password security, and email etiquette. The platform also features a phishing simulator to create realistic phishing attacks, helping organisations assess and improve their employees' cyber awareness.
KnowBe4 provides extensive security awareness training and simulated phishing to help manage social engineering threats. With over 1,000 training modules, their platform aims to reduce human risk and strengthen your security culture. The Smart Groups feature tailors phishing campaigns and training assignments based on user behaviour.
Libraesva PhishBrain is an advanced anti-phishing solution that uses machine learning to detect and block phishing attempts. It also offers an extensive template library, intuitive editor, and real-time reporting, making it easy to create and manage phishing simulation campaigns. The platform also includes behaviour tracking, "what just happened" explanations, and training moments delivered at the time of the phish to change risky behaviour and support a security-aware culture.
Invest in human risk management
As you can see, the human layer of security is a critical component of your overall defence strategy. By investing in human risk management like security awareness training and phishing simulations, you’re fostering a culture of vigilance. Turn your employees into your first line of defence, guarding against cyber threats.
Not sure which security awareness training and phishing simulation solution is best for your organisation’s needs? Fill out our contact form below.
Our cyber security team will get in touch to explain the differences between the options and which one is right for you. We even offer a free seven layers of security assessment to help you understand gaps in your security stack and recommend which solutions can plug the holes and reduce your risk.
Once you've sorted the human layer, next up is perimeter security.
Author
Leanne Bevan
Vendor Marketing Manager at Grey Matter
Leanne has been part of our team for over a decade, and has worked as a vendor marketing manager for a number of our key vendors. Now with a keen focus on cyber security as well as developer technologies, Leanne continues to manage marketing across several vendors, including Embarcadero, Acronis, ESET, and more.