Human Cyber Risk: 77% Of European CISOs Say The C-Suite Doesn’t Get It

Estimated reading time: 4 minutes

The CISO sees the threat. The boardroom sees a line item. New MetaCompliance research puts numbers on that old story at an awkward moment. AI is making attacks on human judgment cheaper, faster, and far more convincing. The survey covered 200 CISOs across the UK, France, Germany, and Sweden. Censuswide conducted it in February 2026 under MRS and BPC standards. More than three-quarters of respondents say senior decision-makers do not fully understand the cyber risk employees pose. Sixty-eight percent identify employees as their organization’s biggest security risk.

MetaCompliance sells human risk management, so the diagnosis suits the shop. The pattern, though, matches everything else crossing this desk.

Lone CISO facing an empty boardroom illustrating the human cyber risk leadership gap found in MetaCompliance's 2026 European CISO survey, via Cyber Insurance News

Leadership Support Has A Shelf Life

The most damning number concerns follow-through. Seventy-nine percent of CISOs say leadership support for security awareness initiatives fades over time. The board funds the training push, attends the kickoff, and drifts.

We have heard this song before. The IANS boardroom data we covered in March found interest without follow-through and briefings capped at 30 minutes. Max Martina made the deeper argument on our podcast: cyber risk is an adaptive leadership challenge, not a technical one. Organizations that treat it as an IT purchase repeat their failures on schedule.

James Mackay, MetaCompliance CEO, puts the stakes plainly. “Human cyber risk is no longer just an awareness issue or a training issue; it is a strategic business risk,” he said.

AI Sharpens Human Cyber Risk

Among CISOs who feel less confident in their resilience than a year ago, nearly half blame AI-enabled social engineering. The concern splits three ways. Over four in ten fear AI is accelerating attack speed and impact. Forty percent worry that employees feed sensitive data into generative AI platforms. Forty-one percent fear malicious insiders using AI for fraud or theft.

See also  Cybersecurity Exposed: Ransomware, AI Deepfakes & the Threat We Can’t Ignore - New Podcast

That reads like the worry list from the AXIS CEO-CISO survey we reported in January. It also matches what retail and hospitality CISOs told RH-ISAC, covered here in April. AI now ranks at the top of the friction list in every survey worth reading.

The UK Leads On Deepfake Fear

UK CISOs stand out in one finding. More than half identify deepfake impersonation as a major threat, the highest across all four markets. Treat the per-market cuts with care, since each rests on 50 respondents. Still, the signal fits. AXIS found UK leaders far less confident on AI threats than their American peers, with 44% feeling prepared, compared to 85% in the US.

For UK brokers, that anxiety is a door. Deepfake-enabled payment fraud lands in the gap between cyber and crime policies. Clients who fear the threat rarely know which policy responds.

The Attestation Problem, Human Edition

For insurers, this report describes an underwriting blind spot. Proposal forms ask whether security training exists. They rarely ask whether leadership still funds it, measures it, or attends. A program with fading executive support is a control in name only.

Joshua Brown made the same point about technical controls on our podcast this week. Attestations expire the moment someone takes them. Human controls decay faster. Culture drifts quicker than a firewall config, and no screenshot captures it.

Seventy-six percent of surveyed CISOs also report competing stakeholder demands for human-risk metrics. Until boards, insurers, and regulators agree on what good looks like, the CISO keeps translating alone. Bold leadership would help. Sustained attention would help more.

See also  CyberCube and Aviva Partner: AI Boosts Cyber Threat Intelligence and Risk Management

FAQ – Human Cyber Risk

1. What Is The Main Finding Of The MetaCompliance CISO Survey?

Seventy-seven percent of European CISOs say senior leaders do not fully understand employee cyber risk.

2. Who Conducted The Research And How?

Censuswide surveyed 200 CISOs across the UK, France, Germany, and Sweden in February 2026.

3. Why Is AI Making Human Cyber Risk Worse?

AI produces convincing impersonation and social engineering attacks at scale, targeting judgment rather than systems.

4. What Did The Survey Find About Leadership Support?

Seventy-nine percent of CISOs say leadership backing for security awareness initiatives fades over time.

5. Which Market Fears Deepfakes Most?

The UK. Over half of UK CISOs call deepfake impersonation a major threat, the highest among those surveyed.

6. What Does Human Cyber Risk Mean For Cyber Insurance?

Training attestations decay without leadership support. Deepfake fraud also tests the seams between cyber and crime coverage.

Leave a Comment

×