Estimated reading time: 5 minutes
The cybersecurity industry spends billions on technology. Firewalls. Endpoint detection. Zero trust architecture. But Yaniv Kapluto says the real problem walks through the front door every morning, as organizations continue to struggle with human error and the cybersecurity workforce gap. Kapluto is Chief Revenue Officer at nuKudo, a global cybersecurity workforce company that identifies, trains, and places security professionals across government and private sector organizations. He joined the Cyber Insurance News Podcast to talk talent, culture, and the human realities that drive most breaches.
The Soft Belly Of Every Organization
Technical defenses matter. But people remain the most exploitable entry point in any organization. Credentials get stolen. Laptops get left unattended. Employees reuse passwords. Each gap is an opening. Kapluto put it directly. “The soft belly is people.” The problem is not carelessness. It is awareness. Organizations that build a genuine culture of security outperform those that treat it as a compliance checkbox.
Get the episode at these spots.
YouTube
Spotify
Apple
Amazon
Building Cyber Professionals From Scratch
nuKudo began in Singapore by building cyber centers for the government. The need to find skilled staff soon became their main focus. Their selection process is tough. “One or two out of a thousand candidates will make it in.” Applicants take online tests and have interviews for specific roles. Those who succeed sign a three-year contract. The first four to six months are spent in intensive training, followed by real work with clients. Graduates finish with certifications and proven experience.
The Adversary Has A Business Plan
Cyber attackers are not just lone hackers. Many work in organized groups with budgets, staff, and revenue goals. Some are backed by governments, while others work for hire. AI has made them even more effective. “They don’t care about failing a thousand times. They care about winning one.” This imbalance is important for risk managers and underwriters to understand. Defenders must succeed every time, but attackers only need one chance.
Stolen Data Has A Long Tail
The impact of data theft goes far beyond the initial breach. Stolen credentials are often sold, and personal information can be misused months or even years later. “Data has value and has long-lasting value.” An attack that costs little for the hacker can cost the victim millions. For example, ransomware that locks a hospital’s imaging system does more than create a recovery bill; it stops medical procedures, leads to regulatory problems, and damages trust that can take years to restore.
The Cybersecurity Workforce Gap – Real And Measurable
There are not enough skilled people to fill cybersecurity jobs. Traditional hiring often excludes those without experience, but everyone needs a first chance. nuKudo looks for candidates from different backgrounds. Former teachers, for example, do well because their communication skills and calmness help in security roles. nuKudo focuses on attitude, not just credentials. “You’ve got to be a bit crazy about the subject.” The most important qualities are enthusiasm, curiosity, and persistence.
What Underwriters Should Be Looking For
A security team that spends 20 to 30 percent of its time on training is a sign of a mature organization. On the other hand, a team overwhelmed by too many cases is a risk. Simple questions can reveal a lot: Does the company use MFA? Do employees understand zero trust? “We’re all a target,” Kapluto said. The key is whether the organization behaves as if that’s true. For underwriters, the real risk is in the gap between knowing and acting.
AI, Quantum, And The Next Layer Of Risk
Cyber threats are growing quickly. AI now lets attackers operate on a much larger scale. Quantum computing will eventually break today’s encryption, and Kapluto thinks this could happen sooner than many expect. “Everything is going to change.” Shadow AI is already a problem, as employees using consumer AI tools with sensitive data can create risks that organizations have not planned for. Kapluto’s advice to leaders is clear: involve security and GRC teams early in AI decisions, invest in ongoing training, and treat every employee as a gatekeeper. In every breach, it was an employee who made the difference.
FAQ – Cybersecurity Workforce Gap
People. Credentials, unattended devices, and reused passwords remain the most common entry points for attackers regardless of the technology stack in place.
nuKudo identifies, trains, and places cybersecurity professionals into organizations. Candidates go through a rigorous multi-stage filter. Those accepted enter a three-year contract that combines intensive training with live client deployment.
Most hiring requires prior experience, which blocks entry-level candidates. nuKudo bypasses that by hiring for aptitude and disposition, then building the experience through structured deployment.
Basic questions reveal the most. MFA adoption, password hygiene, and whether the security team has dedicated time for upskilling are strong indicators of organizational maturity.
Quantum computing will eventually break current encryption methods. Data stolen today and held encrypted could become readable once quantum capability becomes affordable and accessible.
Transcript – This has been checked for accuracy. But verify elements against the recording to be sure.
Related Cyber Insurance Posts
- Messi Beats Ronaldo. Your Password Still Loses
- Tech Industry Pushes AI Forward While Relying on Cyber Insurance to Mitigate Risks – Embroker Report(Opens in a new browser tab)
- The Cyber Insurance Talent Shortage, Perspective from AXA XL(Opens in a new browser tab)
- Cyber Insurance And Quantum Computing – The New Risk(Opens in a new browser tab)
- Cybersecurity Skills Shortage Poses Significant Risks for Small and Mid-Sized Businesses (SMBs)(Opens in a new browser tab)
