Cybersecurity isn’t about certainty. It’s about being ready when the unexpected happens. That was the core message in Mark Hamill’s recent webinar, Cyber Resilience in the Age of AI. This live session offered no-nonsense insights and landed firmly on what matters: human behaviour, practical defences and the psychological tricks that still drive many of today’s attacks.
Why Cyber Resilience Matters More Than Ever
Cybersecurity is no longer about eliminating risk entirely—it’s about preparation and response. In his webinar, Mark Hamill emphasised that readiness, not certainty, is the cornerstone of modern defence. He shared a real example of a sophisticated phishing attempt: an email claiming Pegasus spyware had been installed on his phone, which appeared to come from his own email address. The message was highly personalised, alarming, and designed to provoke an immediate emotional response.
The Psychology Behind Today’s Cyber Attacks
This type of attack is no longer unusual. Cybercriminals have become increasingly sophisticated by combining breached data with publicly available information to create highly convincing scams. For example, they might link an email address to a home address and even include a photo sourced from Google Maps to add authenticity. The goal isn’t primarily technical exploitation, but psychological manipulation. By carefully crafting messages that provoke fear, urgency, or curiosity, attackers aim to increase stress levels, which often undermines rational decision-making and leads victims to act impulsively.
System 1 vs. System 2: Thinking Under Pressure
Cyber resilience is about slowing down decision-making when under stress. Mark explained the concept of System 1 and System 2 thinking: System 1 represents fast, instinctive, and emotional responses, which often lead to mistakes during cyber attacks. System 2, on the other hand, involves slower, more deliberate, and rational thinking that helps users identify threats before reacting. Under pressure, people tend to rely on instinctive, fast responses. Building resilience means slowing that process down. It’s about helping users recognise when something feels wrong and giving them the space and confidence to pause before acting.
Why Awareness Alone Isn’t Enough
Cyber awareness alone is not enough. Knowledge decays quickly if it is not maintained. As Mark highlighted, the science behind behavioural change is complex and many awareness programmes fail because they rely on single touchpoints or generic content. Effective Human Risk Management requires a continuous, targeted approach, one that considers how individuals behave, what influences their decisions, and how best to reinforce secure actions over time.
Building Cyber Resilience Through Human Risk Management
In the context of cybersecurity, resilience isn’t just about withstanding an attack—it’s about equipping people to respond effectively and confidently when the pressure is on. As attackers increasingly leverage AI-driven tools to enhance the speed and scale of their attacks, organisations face more complex threats than ever before. Yet, despite these advances, the most powerful defence remains constant: a workforce that is informed, alert, and empowered to act securely.
A Layered Strategy to Address Human Vulnerabilities
To build true cyber resilience, organisations must adopt a layered strategy that goes beyond technology. This includes implementing robust Human Risk Management programmes focused on understanding and influencing employee behaviour. By addressing the human factors that contribute to vulnerabilities (such as decision-making under stress, susceptibility to social engineering, and inconsistent security practices), companies can reduce their risk exposure significantly. Continuous education, personalised cybersecurity training, and real-time reinforcement are critical to ensuring that employees remain vigilant and capable of making safe choices in dynamic threat environments.
Watch the Full Webinar for Practical Cyber Resilience Insights
If you want to dive deeper into the topic of cyber resilience and learn actionable strategies, we highly recommend watching Mark Hamill’s full webinar. In this session, Mark offers practical insights on protecting your people and your business from today’s evolving cyber threats. You’ll gain a better understanding of how to implement effective Human Risk Management, recognise the latest phishing techniques, and build a culture of security awareness that empowers employees to act confidently—even under pressure.