Cyber-security or cyber-biased security?

The security sector frequently allows prejudices to shape organizational choices. Many organizations dedicate over 80% of their security expenditure and effort to technology, while allocating just 10-15% to policies and procedures. This allocation strategy proves problematic given that at least 82% of breaches can be traced back to human factors.

Structural Organizational Challenges

Information security functions typically operate within IT departments or GRC units (Governance, Risk and Compliance). This division creates gaps — IT handles technical infrastructure while GRC manages policies and risk. Training and awareness initiatives frequently fall between these departments, receiving inadequate attention.

The consequence is clear: focus on the people element can often get waylaid when teams concentrate exclusively on technical and organizational controls.

The Missing Human Element

Organizations lack dedicated specialists who understand human psychology and behavior in security contexts. A multidisciplinary approach — combining cybersecurity expertise with psychology, organizational theory, and communication — proves significantly more effective for addressing human-centered security challenges.

People naturally seek efficient workflows. Rather than being inherently lazy, employees find easier, quicker and simpler ways of getting things done. When security implementations create friction in daily tasks, adoption suffers.

Praxis Security Labs’ Approach

The organization emphasizes understanding people alongside risk and security. Their multidisciplinary team investigates current conditions, engages stakeholders, and recommends improvements that reduce friction while strengthening security postures.

Human factors demand equal consideration with technology in comprehensive cybersecurity strategies.