Cimento is headed to Black Hat USA — catch us in Vegas, Aug 1–6

Black Hat USA 2026 · Aug 1–6

Book a Meeting →

Book a Meeting →

Home / Human Risk Management

Category Guide

Human risk management.

Security awareness training asks: did people complete the course? Human risk management asks: is the organization harder to attack than it was last quarter?

Security awareness training asks: did people complete the course? Human risk management asks: is the organization harder to attack than it was last quarter?

Security awareness training asks: did people complete the course? Human risk management asks: is the organization harder to attack than it was last quarter?

Human risk management (HRM) treats employees the way you treat endpoints: continuously monitored, individually scored, automatically remediated. This page defines the category and how to evaluate platforms in it.

Definition

What counts as HRM.

A human risk management program does three things continuously that awareness training does annually or not at all:

01

Measure exposure

Map who has the access, approval authority, and public footprint that attackers target. Exposure is the impact half of risk — and it’s invisible to click-rate metrics.

02

Measure behavior

Test how people actually respond to realistic social engineering across email, SMS, voice, and AI-enabled impersonation — by role, over time.

03

Reduce, then prove it

Remediate with in-the-moment coaching, verify behavior changed, and report risk as a trend line leadership can hold the program to.

The Shift

From SAT to HRM.

Security Awareness Training

Security Awareness Training

Human Risk Management

Human Risk Management

Unit of work

Unit of work

The campaign

The campaign

The individual risk profile

The individual risk profile

Cadence

Cadence

Annual / quarterly

Annual / quarterly

Continuous

Continuous

Success metric

Success metric

Completion and click rates

Completion and click rates

Risk index trending down

Risk index trending down

Channel model

Channel model

Email-first

Email-first

Every channel attackers use

Every channel attackers use

Employee experience

Employee experience

Scheduled modules

Scheduled modules

Seconds of coaching, in the moment

Seconds of coaching, in the moment

Audience for output

Audience for output

Compliance auditors

Compliance auditors

Boards, insurers, and the SOC

Boards, insurers, and the SOC

Why the Category Exists

Three pressures made SAT insufficient.

AI-scaled attacks

Generative AI removed the cost and quality constraints on social engineering. Flawless lures, cloned voices, and researched pretexts are now cheap and scalable — template-recognition training doesn’t transfer.

Board and insurer scrutiny

Human-element breaches dominate incident data, so boards and cyber insurers ask for evidence of risk reduction. Completion rates no longer survive that conversation.

Lean security teams

Mid-market teams can’t staff campaign administration. Risk work has to run automatically or it doesn’t run.

Cimento's Approach

HRM, AI-native from the start.

Cimento was built from day one as a risk engine: integrate, simulate, score, remediate, report — continuously, for your people and, increasingly, the agents acting on their behalf.

Integrate & learn: HRIS, identity, and SIEM connections map exposure per employee automatically.

Simulate: AI-generated, role-adapted scenarios across email, SMS, voice, and impersonation — inside approved scope.

Score: exposure × behavior × resilience, per role, refreshed continuously.

Remediate: 60–90 second adaptive coaching at the moment of failure, escalating until behavior changes.

Report: a board-ready risk trend, refreshed continuously.

Start with a number.

You can’t manage human risk you haven’t measured. The 14-day baseline gives you the starting point — alongside whatever program you run today.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.

Get Started

See It Live

Explore how modern phishing simulations and real-time human risk insights can strengthen your security posture. Let’s talk.