4 minutes reading
The THRM 2026 Virtual Conference opened by Mr. Pavan Kushwaha (CEO, Threatcop) with a powerful message, establishing that the battleground of modern cybersecurity has shifted from the server room to the human mind. The keynote session served as a comprehensive introduction to Human Risk Management (HRM), a discipline that seeks to bridge the gap between technical defenses and the unpredictable nature of human behavior.
The Why: 90-95% of the Problem
The keynote speakers emphasized a startling reality: while firewalls, antiviruses, and technical systems have become increasingly robust, they are not foolproof. According to the sources, 90% to 95% of successful cyberattacks are now attributed to human factors, occurring either intentionally or unintentionally. Hackers, recognizing that technology is harder to breach, have pivoted to “breaking the trust” of employees through sophisticated social engineering. A prominent example cited was the Scattered Spider group, which has caused significant disruptions in the United States by targeting individuals through vishing (voice phishing) and psychological manipulation.
Book a Free Demo Call with Our People Security Expert
A Diverse Community of Experts
To address these challenges, the conference gathered over 20 speakers from a vast array of sectors, including healthcare, government, state departments, and large logistics enterprises. Notable experts introduced during the welcome note included Mr. Chandan, CISO for the City of Plano; Dr. Sergio E Sanchez and Mr. Lena Kannappan, representing the healthcare sector; and Dr. Sandeep Desai from the Department of Education. This diversity of perspectives ensures that the insights shared are applicable across various regulatory environments, from GDPR to HIPAA.
The Agenda: AI and Beyond Email
The welcome note outlined five core pillars that the conference sessions would explore:
- Automating Human Defense with AI: Moving toward “agentic AI” to achieve greater cyber resilience.
- Assessing Behavior Beyond Email: Recognizing that attackers are now leveraging WhatsApp, SMS, Telegram, Slack, and Teams.
- Training as Practice, Not a Burden: Shifting security awareness away from “red-planned” or ignored videos and toward an engaging, intuitive experience.
- AI-Driven Email Trust: Using AI to counter “beautifully crafted” phishing emails that no longer contain the obvious spelling mistakes of the past.
- Scaling Compliance Training: Leveraging AI to complete complex regulatory trainings effectively and efficiently.
Innovation through Gamification
A unique highlight of the welcome note was the introduction of a gamified learning experience. To move away from the traditional “chore” of security training, the organizers built five interactive games. Attendees were invited to compete, with the top 20 performers entering a lucky draw for an iPad. This initiative reflects the conference’s core philosophy: security training should feel like building a skill rather than checking a box.
Conclusion
The THRM 2026 demonstrates how attackers identify gaps in DMARC records to spoof emails and trick users into resetting passwords or providing multi-factor authentication codes. By the end of the session, the “vibrant community” of over 60 security professionals was prepared to dive into a day of practical insights aimed at transforming the “People Pillar” into an organization’s strongest defense.
