Human Error To Architectural Failure: Redefining Cyber Accountability

By Federico Simonetti, Forbes Councils Member, for Forbes Technology Council

Council Post: Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author.

Jun 05, 2026, 07:15am EDT

Xiid's CTO, Federico Simonetti, is a security expert with a background in ethical hacking, law enforcement and academia.

After every major breach, the same phrase shows up in the postmortem: human error. Someone clicked the wrong link. An admin misconfigured a setting. A contractor reused a password.

On the surface, this sounds like accountability. In reality, it’s a tell. It signals that the organization is still treating cybersecurity as a behavior problem rather than a design problem.

Boards no longer have that luxury. Cyber risk now sits alongside financial risk and regulatory exposure as a core governance responsibility. Regulators and investors expect directors to demonstrate real oversight of technology risk, not just sign off on budgets and hear an annual briefing.

If your security strategy still depends on people consistently doing the right thing in complex, high-pressure environments, the problem is not your people. It’s your architecture.

Human Error Is Predictable; Architecture Is A Choice

Analyses routinely show that the majority of breaches include a human factor. Think of misdirected emails, credential reuse, misconfigurations or a convincing phish. But those behaviors are inevitable. Employees choose speed when deadlines loom. Developers use tools that help them ship faster. Executives approve exceptions that keep revenue flowing.

If you know a behavior is inevitable and still design your defenses around preventing it, that’s not “user error.” That’s a design decision. Most programs are built on probabilistic controls that help but depend on human attention, memory and judgment, including:

• Awareness campaigns
• Simulated phishing...


