Today, we delve into the heart of one of the challenges of modern cybersecurity: human risk.
Do not be mistaken, while firewalls and detection algorithms are becoming more robust, attackers have found a much more effective way: hacking the user instead of the machine.
### The collapse of the technocentric paradigm
The first breaking point is the collapse of the technocentric paradigm. For years, the response to any threat has been the stacking of software solutions, asserts the report ‘The State of Human Risk 2026’ by Mimecast. However, today, the majority of major incidents do not stem from a code flaw, but from misuse of credentials or human error. And cybercriminals systematically exploit these weaknesses.
### Securing empty fortresses
The issue isn’t just that humans are weak. In fact, our protection systems were not designed for how employees actually work in 2026. It’s like securing empty fortresses while employees are already outside, exposed to ultra-personalized phishing by AI.
Furthermore, the mathematical reality of this risk is striking. Did you know that only 8% of collaborators are responsible for 80% of security incidents? We are facing an extremely high concentration of danger. And we are not talking about internal sabotage or malicious intent. Most of the time, it’s well-intentioned employees who fall victim to fatigue, distraction, or highly sophisticated social engineering tactics that are almost undetectable.
And the financial impact is far from virtual. A single incident involving an internal threat costs an average of $13 million.
### France’s position
Finally, where does France stand in this evolving landscape? The French market distinguishes itself with a “pragmatic cautious” approach, according to the study. French decision-makers do not panic but adopt a methodical approach. French CIOs understand that AI is primarily used by attackers to create perfect decoys.
To address this, France relies on two main strategies. Firstly, a strict governance in highly regulated sectors like banking, which elevates the entire market. Secondly, a deep belief that technology alone is blind without training. In France, user education is seen as a priority security investment.
The ZD Tech podcast is available on all platforms! Subscribe!
