About Chandan Kochhar
Chandan Kochhar is a seasoned cybersecurity executive with over 20 years of experience leading enterprise security, data privacy, and compliance programs. He has a proven track record of aligning security strategy with business objectives, regulatory requirements, and digital transformation initiatives, including AI adoption and governance. Chandan brings deep expertise in human risk management, focusing on security culture, behavior-driven risk reduction, and awareness effectiveness, alongside strengthening traditional security controls. A trusted leader of large, cross-functional teams, he is recognized for his board-level communication, executive influence, and strong governance capabilities spanning third-party risk, audits, M&A cyber due diligence, and post-merger security integration.
The focus of this address is the transition from traditional, completion-based compliance training to a more sophisticated, outcome-based strategy that utilizes AI to measure behavioral change. For years, organizations have relied on quiz scores and completion rates to satisfy auditors, often tracking these metrics in manual, tedious spreadsheets or Excel files. However, the address argues that these “checkbox” metrics do not accurately reflect an organization’s actual risk. Instead, the modern approach focuses on “real-world signals,” such as lower phishing click rates, fewer repeat violations, and the frequency with which employees report incidents. By leveraging AI to connect training to these tangible results, compliance becomes a proactive tool for risk reduction rather than a reactive annual task.
Key Points:
- “AI lets us prove behavioral change not just course completion”.
- “A librarian… their threat surface may be completely different versus someone… as an investigator in police department”.
Content: Proving ROI through Behavioral Data
Mr. Kochhar emphasizes that AI allows for “continuous measurement” of risk instead of relying on a static annual snapshot. This data-driven approach allows security leaders to track ongoing risk scores and correlate them with changes in incident patterns.
Furthermore, he highlights the importance of “predictive risk indicators” enabled by AI, which can flag anomalies such as spikes in data uploads to external tools or delays in acknowledging security policies. This allows compliance teams to intervene before a violation actually occurs, shifting the paradigm from reaction to prevention.
In the public sector, this transparency is vital for demonstrating Return on Investment (ROI) to leadership, as it ties better security behavior to lower incident response costs and improved cyber insurance risk. Finally, Mr. Kochhar argues that AI enables “targeted role-specific training,” ensuring that a librarian and a police investigator receive customized content that reflects their unique threat surfaces.
