Surveys highlighting cyber risks have become a regular feature in recent years, often focusing on data breaches, phishing attacks, and ransomware incidents. However, a new study shifts the spotlight toward a more fundamental concern: Cyber Threat Literacy.
According to the findings, a lack of understanding about cyber risks has emerged as the top issue among people, surpassing even the shortage of technical skills and limited awareness surrounding the challenges of adopting artificial intelligence.
The survey, conducted by global insurance broker Marsh and titled “2026 People Risks”, underscores how technological change and ongoing digital disruption continue to pose significant challenges to individuals and organizations worldwide. As businesses increasingly rely on digital infrastructure, the gap between technological advancement and users’ ability to understand associated risks appears to be widening.
Another notable insight from the report is the growing apprehension around artificial intelligence. Many respondents expressed concern that AI adoption could potentially cause more harm than good, creating hesitation among organizations and individuals alike. This perspective has been echoed by several prominent technology leaders, including Elon Musk, who have frequently warned about the unintended consequences of unchecked AI development.
Marsh compiled the report using insights gathered from more than 4,500 HR and risk management professionals across 26 global markets. The breadth of the survey provides a comprehensive view of how organizations perceive evolving risks in a rapidly changing technological environment. The findings suggest that while companies are investing in advanced tools and systems, human understanding of these technologies is not progressing at the same pace.
From an insurance and risk assessment standpoint, these trends present serious implications. A workforce that lacks cyber threat literacy is more vulnerable to attacks, increasing the likelihood of breaches and operational disruptions. In turn, this can weaken an organization’s competitive position and its ability to adapt to the increasingly complex cyber threat landscape.
However, not everyone agrees entirely with the report’s conclusions. Ed Ventham, Director of the UK-based insurance firm Assured, offers a slightly different perspective. He argues that it may not be entirely accurate to say that cyber threat literacy is absent among individuals. Instead, he suggests that the real issue lies in the lack of clarity around how to respond when an attack actually occurs.
Ventham’s viewpoint highlights a critical gap between awareness and action. While many people may recognize cyber threats, they often lack the practical knowledge needed to respond effectively in real-world scenarios. This emphasizes the importance of having well-defined incident response plans and proactive security strategies in place.
Ultimately, the report points to a growing need for organizations to go beyond technical investments and focus on strengthening human preparedness. Bridging the gap between knowledge and action could play a key role in reducing cyber risks and building resilience in an increasingly digital world.
Join our LinkedIn group Information Security Community!
