{"id":13598,"date":"2026-02-19T11:30:00","date_gmt":"2026-02-19T06:00:00","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=13598"},"modified":"2026-02-19T11:51:53","modified_gmt":"2026-02-19T06:21:53","slug":"measuring-human-risk-in-security-program","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/","title":{"rendered":"Identifying and Measuring Human Risk in Your Security Program"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Many organizations can instantly report patch compliance, endpoint protection, or the status of firewalls. However, they aren\u2019t able to answer a critical question: \u201cHow exposed are our people right now?\u201d&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Despite having robust security measures, human risk often remains unreported and unmeasured. While organizations lay their entire focus on the technical side, leaving the human side unchecked and vulnerable. Therefore, there lies a significant gap in measuring human risk in cybersecurity.<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Why_Measuring_Human_Risk_Matters\" >Why Measuring Human Risk Matters?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#What_Constitutes_Human_Risk_in_Cybersecurity\" >What Constitutes Human Risk in Cybersecurity?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Common_Blind_Spots_in_Human_Risk_Visibility\" >Common Blind Spots in Human Risk Visibility<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Framework_for_Measuring_Human_Risk\" >Framework for Measuring Human Risk<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Key_Metrics_for_Human_Risk\" >Key Metrics for Human Risk<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Building_a_Continuous_Human_Risk_Monitoring_Process\" >Building a Continuous Human Risk Monitoring Process<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Aligning_Human_Risk_Measurement_with_Compliance\" >Aligning Human Risk Measurement with Compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Tools_and_Platforms_to_Support_Human_Risk_Measurement\" >Tools and Platforms to Support Human Risk Measurement<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#Conclusion_Turning_Data_Into_Action\" >Conclusion: Turning Data Into Action<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The smallest of errors, intentional or unintentional, can lead to a cybersecurity breach, disrupting the financial state of organizations. This lack of human-layer risk visibility can allow attackers to bypass even the most sophisticated and advanced systems. In this blog, we will discuss human risk metrics, how to identify them, and steps you can undertake to reduce attacks due to human error.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Measuring_Human_Risk_Matters\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Why Measuring Human Risk Matters?<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">\u201cYou can\u2019t manage anything without measuring it\u201d. This works in cybersecurity, also. Without measuring the <a href=\"https:\/\/threatcop.com\/blog\/human-factors-in-cybersecurity\/\">human risk metrics<\/a>, organizations will remain blind to the potential security risks.\u00a0<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">For example, a <a href=\"https:\/\/threatcop.com\/blog\/what-is-phishing-how-to-prevent-it\/\">phishing attack<\/a> has been successful in bypassing multi-factor authentication (MFA). Why, because an employee of yours has clicked on a fraudulent link. Even though your organization had robust technical measures to safeguard against sophisticated attacks, a small error from a human nullified every security control. Thus, people security management should be a crucial part of your cybersecurity programs.\u00a0<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Continuous human risk management can allow you to identify specific vulnerabilities and develop targeted solutions to them, instead of depending on a one-size-fits-all training program.&nbsp;<\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 70% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #fff !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #000 !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n    }\n\n\n.formSec .formSecTwo{\n    padding-top: 30px !important;\n}\n\n\n    .tnp-email {\n         width: 70% !important;\n    box-sizing: border-box;\n    padding: 8px 10px;\n    display: inline-block;\n    border: 1px solid #ddd;\n     background: #183e8b;\n    color: #fff !important;\n    font-size: 13px;\n    line-height: 20px;\n    border-radius: 2px;\n    padding-right: 30px;\n    margin-bottom: 0px;\n\n    }\n\n    .formSec {\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n            background: #183e8b;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n    }\n\n    .formSecTwo {\n        text-align: right !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        margin-bottom: 70px;\n       margin-bottom: 70px !important;\n       color: white !important;\n          margin-top: 0px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width: 100% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 10px;\n            top:18px;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:white;\n        }\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n            width: 60% !important;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 100% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 10px;\n            top: 50%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\"margin-top: 0;\">\n                        Book a Free Demo Call with Our People Security Expert<\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/vector.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom: 15px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/icon1.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom: 15px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/icon2.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom: 15px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/icon3.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/icon4.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Constitutes_Human_Risk_in_Cybersecurity\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>What Constitutes Human Risk in Cybersecurity?<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Human risk in cybersecurity means the potential impact of users&#8217; actions or inactions that can compromise an organization&#8217;s security. It could be anything from a lapse in judgment due to pressure to poor adherence to security policies and ignoring red flags. Key areas of human risk in cybersecurity are:&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\"><strong>Decision Making Under Pressure<\/strong><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">An employee can make a wrong move in a stressful situation. He\/she can approve a fraudulent MFA prompt, providing access to malicious actors.&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\"><strong>Poor Data Storage Practices<\/strong><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Storing important data on unsecured devices can leave organizations vulnerable to cyberattacks. Furthermore, sending encrypted emails also puts organizations at risk.&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\"><strong>Ignoring Suspicious Requests<\/strong><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">A lack of attention when approving requests from external sources or even from colleagues can result in data breaches and financial loss.&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\"><strong>Not Adhering to Security Policies<\/strong><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Human risk also comes up when employees do not follow the <a href=\"https:\/\/threatcop.com\/blog\/importance-of-workplace-security\/\">security policies<\/a> religiously. It can be in the form of using weak passwords or sharing their credentials.\u00a0<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">These behaviors are associated with knowledge gaps and an inability to deal with adverse situations. These factors make measuring human risk in cybersecurity through regular assessments and real-time simulation a necessary part of the defence strategy.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Common_Blind_Spots_in_Human_Risk_Visibility\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Common Blind Spots in Human Risk Visibility<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">To this day, there are organizations that believe in annual security awareness training programs, completely ignoring the idea of regular assessments. These blind spots limit human-layer risk visibility. Common issues include:<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Dependency on Annual Awareness Scores<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Assessing employees once a year doesn\u2019t provide the real picture of employees&#8217; behavior. Regular assessment is required to get accurate and real-time insights.\u00a0<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Failure to Track Near Misses<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Sometimes, employees delay in reporting suspicious emails. These small warning signs often go unnoticed. Keeping a track of these \u201cnear misses\u201d incidents can help in measuring the vigilance of employees.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>No Role-Based Breakdown<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Cyber risk varies from department to department and role to role as well. Thus, depending on size, fit training for all won\u2019t bring out any fruitful results. Rather, it hides the specific vulnerabilities unique to teams or departments that require utmost attention.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Ignoring Third-Party and Contractor Risks<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Contractors or third-party vendors are often not included in internal risk assessments, even though they can be responsible for a significant portion of human risk.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Framework_for_Measuring_Human_Risk\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Framework for Measuring Human Risk<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Measuring human risk in cybersecurity requires a solid and comprehensive framework. The AAPE framework checks all the boxes and is a perfect fit for measuring human risk metrics and offering solutions to them.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Assess<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The first thing is to assess the employees through conducting role-specific phishing simulations or social engineering tests. This helps in gathering data about human behavior.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Aware<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Test the amount of knowledge retained through micro-assessments integrated in workflows, allowing continuous awareness.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Protect<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Take note of the reduction in human risk incidents due to technical products like TDMARC and prominent control management.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"font-weight: 400; color: #000000;\"><strong>Empower<\/strong><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Measure the amount taken by employees to report an incident and their frequency. For example, how fast they reported a suspicious link they encountered.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The AAPE framework offers a structured approach to measure and mitigate human risk by focusing on their overall training to combat cyber attackers.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Metrics_for_Human_Risk\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Key Metrics for Human Risk<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">To track human risk in cybersecurity, organizations can use the following metrics:&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><b>Click-through Rate on Phishing Simulations<\/b><span style=\"font-weight: 400;\">: Measure susceptibility to phishing based on specific roles within the organization.<br><\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Time-to-Report Suspicious Emails<\/b><span style=\"font-weight: 400;\">: Track how quickly employees report potential threats, indicating their level of vigilance.<br><\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Number of False Positives<\/b><span style=\"font-weight: 400;\">: False positives (when employees report legitimate emails as suspicious) show whether employees are erring on the side of caution.<br><\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Access Hygiene<\/b><span style=\"font-weight: 400;\">: Track metrics such as password reuse, privilege creep, and adherence to access control policies.<br><\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Behavior Trends<\/b><span style=\"font-weight: 400;\">: Monitor improvements in risky behavior over time, reflecting the effectiveness of ongoing training and security interventions.<\/span><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">These human risk metrics can be tracked continuously, offering actionable insights into human risk trends and helping InfoSec teams improve their security posture.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Building_a_Continuous_Human_Risk_Monitoring_Process\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Building a Continuous Human Risk Monitoring Process<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If you are measuring human risk only once a year, then you are more likely to face cyber attacks. Instead of treating it as a one-time exercise, it should be conducted regularly. You can integrate it into your daily workflow to build an effective people security measurement program.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">You can start by adding human risk performance indicators (KPIs) to the SoC dashboard, allowing you to check human and technical metrics together. Furthermore, quarterly review cycles can be conducted to track progress and revamp training modules based on real-time data.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Each department faces different challenges and risks. Thus, benchmarking across departments and teams ensures prudent resource allocation. It also helps in allocating substantial resources to each area, in line with their needs.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Aligning_Human_Risk_Measurement_with_Compliance\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Aligning Human Risk Measurement with Compliance<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">To safeguard against legal and regulatory obligations, it is important to align your people security measurement strategy with industry standards and compliance. Map human risk metrics to frameworks like ISO 27001, SOC 2, GDPR, and HIPAA, which require continuous risk management and evidence of effective risk reduction.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Continuous evaluation and assessment allow organizations to be audit-ready and save their time and efforts during audits. With security measures compiled, you do not have to worry about an audit or do any extra preparation for it.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Tools_and_Platforms_to_Support_Human_Risk_Measurement\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Tools and Platforms to Support Human Risk Measurement<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If you are looking for tools for measuring human risk in cybersecurity, then Threatcop is the best choice for you. Here are different products by ThreatCop that can help in achieving strong human-layer risk visibility.&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><a href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\"><b>TSAT (Threatcop Security and Awareness Training)<\/b><\/a><span style=\"font-weight: 400;\">: It is an AI-powered cyberattack simulator that trains employees to deal with phishing and other cybersecurity threats with its real-time simulation. Employees&#8217; performance is analyzed and used to prepare custom-made training programs. <br><\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><a href=\"https:\/\/threatcop.com\/threatcop-learning-management-system\"><b>TLMS (Threatcop Learning Management System)<\/b><\/a><span style=\"font-weight: 400;\">: It ensures employees remain informed and updated with the latest trends in cybersecurity. TLMS has more than 1300 interactive modules, allowing organizations to train their employees efficiently and effectively. <\/span><\/span><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><a href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\"><b>TPIR (Threatcop Phishing Incident Response)<\/b><\/a><b>: <\/b><span style=\"font-weight: 400;\">TPIR helps in the timely and speedy reporting of suspicious emails. It automates reporting and analysis procedures, helping security teams to investigate and stop breaches quickly.\u00a0<\/span><\/span><\/li>\n<\/ul>\n\n\n\n<style>\r\n  .threatcop-banner {\r\n    background-color: #02022e;\r\n    border: 2px solid #00bf63;\r\n    border-radius: 12px;\r\n    padding: 12px 24px;\r\n    display: flex;\r\n    justify-content: space-between;\r\n    align-items: center;\r\n    max-width: 1100px;\r\n    margin: 20px auto;\r\n    color: #ffffff;\r\n    font-family: Arial, sans-serif;\r\n  }\r\n\r\n  .threatcop-banner-text {\r\n    font-size: 18px;\r\n    font-weight: 500;\r\n  }\r\n\r\n  .threatcop-banner-button {\r\n    background-color: #00bf63;\r\n    color: #ffffff;\r\n    padding: 8px 20px;\r\n    border-radius: 8px;\r\n    text-decoration: none;\r\n    font-weight: 500;\r\n    white-space: nowrap;\r\n    transition: 0.2s ease;\r\n    font-size: 15px;\r\n  }\r\n\r\n  .threatcop-banner-button:hover {\r\n    opacity: 0.9;\r\n  }\r\n\r\n  @media (max-width: 768px) {\r\n    .threatcop-banner {\r\n      flex-direction: column;\r\n      text-align: center;\r\n      gap: 10px;\r\n    }\r\n  }\r\n<\/style>\r\n\r\n<div class=\"threatcop-banner\">\r\n  <div class=\"threatcop-banner-text\">\r\n    Discuss Your Organization\u2019s Human Risk Challenges\r\n  <\/div>\r\n  <a href=\"https:\/\/threatcop.com\/contact-us?utm_source=thrm_summerized_blog\" class=\"threatcop-banner-button\">\r\n    Book a Meeting\r\n  <\/a>\r\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion_Turning_Data_Into_Action\"><\/span><span style=\"font-weight: 400; color: #000000;\"><strong>Conclusion: Turning Data Into Action<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Measuring human risk in cybersecurity is vital for organizations aiming to curtail vulnerabilities due to human error. By regular assessment and gathering real-time data, you can create robust security measures at the technical and human front.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Since human risk metrics enable quantification of the risk, it becomes extremely important to collect data and use it to prepare an effective people security measurement strategy.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many organizations can instantly report patch compliance, endpoint protection, or the status of firewalls. However, they aren\u2019t able to answer a critical question: \u201cHow exposed are our people right now?\u201d&nbsp; Despite having robust security measures, human risk often remains unreported and unmeasured. While organizations lay their entire focus on the technical side, leaving the human [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13603,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[329],"tags":[],"class_list":["post-13598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-human-risk-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Measuring Human Risk in Cybersecurity: Key Metrics &amp; Strategies<\/title>\n<meta name=\"description\" content=\"Human risk is the most under-measured part of your security program. Learn how to identify, quantify, and reduce it using proven frameworks and tools.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Measuring Human Risk in Cybersecurity: Key Metrics &amp; Strategies\" \/>\n<meta property=\"og:description\" content=\"Human risk is the most under-measured part of your security program. Learn how to identify, quantify, and reduce it using proven frameworks and tools.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-19T06:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-19T06:21:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/02\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Identifying and Measuring Human Risk in Your Security Program\",\"datePublished\":\"2026-02-19T06:00:00+00:00\",\"dateModified\":\"2026-02-19T06:21:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/\"},\"wordCount\":1388,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg\",\"articleSection\":[\"Human Risk Management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/\",\"name\":\"Measuring Human Risk in Cybersecurity: Key Metrics & Strategies\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg\",\"datePublished\":\"2026-02-19T06:00:00+00:00\",\"dateModified\":\"2026-02-19T06:21:53+00:00\",\"description\":\"Human risk is the most under-measured part of your security program. Learn how to identify, quantify, and reduce it using proven frameworks and tools.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Identifying and Measuring Human Risk in Your Security Program\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/measuring-human-risk-in-security-program\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identifying and Measuring Human Risk in Your Security Program\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Measuring Human Risk in Cybersecurity: Key Metrics & Strategies","description":"Human risk is the most under-measured part of your security program. Learn how to identify, quantify, and reduce it using proven frameworks and tools.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/","og_locale":"en_US","og_type":"article","og_title":"Measuring Human Risk in Cybersecurity: Key Metrics & Strategies","og_description":"Human risk is the most under-measured part of your security program. Learn how to identify, quantify, and reduce it using proven frameworks and tools.","og_url":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2026-02-19T06:00:00+00:00","article_modified_time":"2026-02-19T06:21:53+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/02\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg","type":"image\/jpeg"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Identifying and Measuring Human Risk in Your Security Program","datePublished":"2026-02-19T06:00:00+00:00","dateModified":"2026-02-19T06:21:53+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/"},"wordCount":1388,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/02\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg","articleSection":["Human Risk Management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/","url":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/","name":"Measuring Human Risk in Cybersecurity: Key Metrics & Strategies","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/02\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg","datePublished":"2026-02-19T06:00:00+00:00","dateModified":"2026-02-19T06:21:53+00:00","description":"Human risk is the most under-measured part of your security program. Learn how to identify, quantify, and reduce it using proven frameworks and tools.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/02\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/02\/Identifying-and-Measuring-Human-Risk-in-Your-Security-Program.jpg","width":1920,"height":1080,"caption":"Identifying and Measuring Human Risk in Your Security Program"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/measuring-human-risk-in-security-program\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Identifying and Measuring Human Risk in Your Security Program"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/13598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=13598"}],"version-history":[{"count":4,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/13598\/revisions"}],"predecessor-version":[{"id":13606,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/13598\/revisions\/13606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/13603"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=13598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=13598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=13598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}