Cyber Resilience in the AI Era: Why Human Skills Still Matter

As AI reshapes the digital landscape, it is redefining both the tools of cyber attack and the means of defence. Today’s threat environment is evolving faster than ever, demanding that businesses pair cutting-edge technology with human expertise and vigilance. Cybersecurity is now a cornerstone of operational resilience, data integrity, and customer trust.

The future of defence lies not only in integrating AI strategically, but also in ensuring that people across all levels of an organisation understand the risks and play an active role in managing them. Automation can accelerate detection and response, but true resilience depends on a workforce equipped with the right skills, awareness, and accountability to complement intelligent systems.

With this in mind, the experts below explore how businesses can strengthen their defences by combining smarter tools with skilled teams and a culture of continuous learning. This Cybersecurity Awareness Month, leaders from Pipedrive, Vanta, Coursera, Elastic, Shopify, Box, UserTesting, DocuSign, and Tools for Humanity are calling for a renewed focus on education and empowerment because awareness is the first line of defence.

John Mutuski, CISO, Pipedrive:

“Cybersecurity Awareness Month is a reminder for businesses of every size to prioritise protecting their digital assets. For small businesses in particular, phishing and social engineering remain the most common threats. With limited resources, the focus should be on building employee awareness through threat-detection training, alongside good security hygiene measures such as multi-factor authentication (MFA), antivirus protection, and encryption.

“AI is reshaping both cyber threats and the tools used to defend against them. While it can enhance threat detection, AI is not a silver bullet—human oversight remains essential to catch errors and make informed decisions. While AI shows strong results, sales and marketing professionals surveyed in our latest annual State of Sales & Marketing report express security concerns with the emerging technology, with 35–40% of respondents citing data privacy and security as barriers. Maintaining human supervision across AI use cases is therefore critical, for example ensuring training data cannot be manipulated in ways that compromise large language models (LLMs).

“In today’s evolving threat landscape, resilience depends on both robust technical measures and a culture of vigilance. Organisations risk potential harm if transparency, oversight, and consent mechanisms aren’t in place. That’s why it’s vital to keep humans in the loop to provide governance, manage processes, and maintain human oversight as these technologies continue to evolve.”

Jadee Hansom, CISO at Vanta:

“One of the most important themes we should focus on this CybersecurityAwareness Month is how AI is both an advantage and disadvantage of security. Recent research from Vanta shows that the majority of business and IT leaders today feel like AI risk outpaces their expertise. But those same leaders are seeing amazing benefits from adopting AI into their security program. For CISOs, the job is no longer about being a technical gatekeeper—it’s about flipping the switch with AI to turn it from a threat into an asset. We have to become business enablers who understand and strategically manage AI risk, while also leveraging new tools to keep up with the emerging threats that AI brings to the table. “

Nikolaz Foucaud, Managing Director EMEA, Coursera:

“This Cybersecurity Awareness Month, it’s clear that UK technology leaders see cybersecurity skills as a critical line of defence against rising threats. Our recent Technology Leaders Survey, exploring the key business skills priorities for tech leaders, shows that two-thirds (67%) view keeping pace with technology as the most urgent driver for skills development, followed closely by staying ahead of security threats (62%). 

“It’s no surprise that security is taking centre stage on the corporate skilling agenda. With over a quarter (27%) of companies hit by a cyber-attack in the past year – up 11% from June 2024 – the need for investment in cybersecurity training has never been greater. But according to recent government research, nearly half (49%) of businesses have a basic skills gap, struggling with essential tasks including setting up firewalls, managing personal data securely and detecting malware.

“Nurturing critical cybersecurity skills across an organisation is one of the best forms of defence. And with cyber skills gaps difficult to be mitigated through hiring alone, three-quarters (75%) of leaders are prioritising training their existing employees over the next 12-18 months, according to our Technology Leaders Survey. Those who have already invested are seeing benefits: 79% report enhanced performance and productivity, while 59% saw greater talent mobility. As cyber attacks rise in frequency and sophistication, ensuring employees are adequately upskilled will be essential for organisations seeking to strengthen resilience and sustain safe, secure innovation.”

Suzanne Button, Field CTO, EMEA, Elastic: 

“Cybercrime is no longer a warning on the horizon. It’s a direct hit. Just this year, attacks on UK retailers cost hundreds of millions in revenue, with one breach slashing £80 million off profits. The threat landscape moves fast and doesn’t stand still. Defence must move faster.

AI is shifting the balance, helping teams detect threats earlier, respond faster, and focus on what matters most. But to realise its full value, they must invest in approaches that provide visibility across all data and teams, or risk getting stuck in reactive cycles. 

Security isn’t just about protecting endpoints, it’s about seeing and understanding threats across every system, every dataset, and every workflow. Security cannot live in silos. It requires awareness, agility, and collaboration across every team and every system. 

As we mark Cybersecurity Awareness Month, it’s worth asking whether current practices match the threats we face. The organisations that thrive will be those that challenge old assumptions, embed security in their company culture, and build resilience into the core of all their operations.”

Shopify’s Managing Director, EMEA, Deann Evans

“In today’s unified retail landscape, targeted threat detection has never been more important. Retail consistently ranks among the top 6 industries most vulnerable to cyberattacks, facing threats like credential phishing, supply chain compromises, and increasingly sophisticated session hijacking. Retailers must adopt a proactive, layered security approach to mitigate these evolving risks.

“One strategy is simplifying the technology stack. Reducing complexity helps minimise the attack surface, and makes it easier to monitor for anomalies. For example, using consolidated device types can enhance visibility, tighten access control, and improve response times. Retailers should also look to integrate AI-powered threat detection and response systems into their security operations. These tools are especially effective in targeting advanced attacks, such as session theft, that traditional tools may miss. AI tools can augment human capabilities, allowing teams to respond faster, and more precisely. 

“Ultimately, cybersecurity is a shared responsibility. Building a security-first culture is just as important as the tools in place. Investing in awareness and embedding security into daily operations enables each individual in a business to play a role in protecting the business and its customers.”

Xavier Ferrer, CISO at UserTesting: 

“Businesses increasingly rely on customer insight to guide critical decisions across product, marketing and customer experience, but that insight is only valuable if it’s trustworthy. When data is compromised by bots, fraud, or low-quality participants, product decisions suffer that are ultimately detrimental to the wider customer base.

“At UserTesting, we built UserTesting Verified™ to tackle this problem directly. By combining AI and geolocation signals, we screen out bad actors before they enter the feedback loop. That means faster research, cleaner data, and fewer internal debates about ‘what to believe’.

“Cybersecurity Awareness Month is a good reminder that customer trust needs to be part of a business’s core infrastructure – it’s essential to delivering products & services customers can rely on. Businesses that invest in secure, verified research are in a stronger position to build the right solutions for their customers – and build trust from the start.”

Adrian Ludwig, Chief Architect, Tools for Humanity:

“Deepfakes are among the fastest growing cybersecurity threats facing businesses and consumers alike, particularly as AI adoption continues to scale. With only a third of people confident they can spot AI-generated content – and more than 105,000 deepfake attacks reported in the US alone last year – these scams exploit the everyday tools employees rely on, from video conferencing to messaging and email. 

Cybersecurity Awareness Month is a timely reminder that deepfakes are not just a security risk but a direct challenge to how organisations build trust and resilience in the digital workplace.

The challenge isn’t proving someone’s identity, it’s about proving and knowing that you’re engaging with a real human being. As deepfakes become cheaper and easier to deploy, businesses need new safeguards that ensure staff know they’re interacting with a genuine person (who’s also the right person) in critical moments – whether approving payments, responding to an urgent request, or joining a meeting online.

Deepfakes don’t just put companies, employees, and consumers at financial risk — they also undermine trust in AI as a tool for productivity. If people start questioning the reliability of what they see or hear, they’re less likely to use AI with confidence. As models become more sophisticated, building proof of humanness into workplace tools must become a fundamental part of business resilience.”

Heather Ceylan, CISO, Box:

“Cybersecurity Awareness Month serves as a reminder that security lives in every click, decision, and conversation. Cybersecurity is not a goal you can complete, it’s a 24/7 ongoing discipline. In today’s AI-first era, security and AI are inseparable for businesses. Our State of AI in the Enterprise report highlights that 87% of companies already use AI agents, with nearly all planning to increase AI investment in 2026.

“AI is a double-edged sword; it can be a powerful catalyst for defence, enabling automation, sharper insights, and faster response – opening up opportunities that didn’t even exist before. Yet AI can also be an accelerator for the threat landscape, giving attackers automated tools to exploit human vulnerabilities.

“The core truth remains: people remain the biggest security vulnerability in organizations. Enterprises can’t let AI overshadow the security fundamentals like identity controls, consistent patch management, risk monitoring, and strong human oversight. Cybersecurity must stay rooted in Zero Trust principles, with Failsafes, and industry standard authentication like MFA. AI should layer on top of these foundations, strengthening defenses and detecting anomalies, and reducing disruption to everyday work. In this way, AI can amplify trust, not uncertainty.”

Maxime Hambersin, Senior Director of Product Management International at Docusign:

“One of the biggest consequences of a cybersecurity breach is fraud. There were an estimated 72,000 cyber-facilitated fraud events across the UK business population in the last 12 months. With AI-generated deepfakes making it easier than ever to steal identities, the risk of cyber-facilitated fraud continues to accelerate.”

“We are constantly told to practice good cybersecurity hygiene, because vigilance matters. Spotting scams and reporting suspicious activity can prevent major fallout. With digital documents, e-signatures, and AI-driven cloud services now the norm, every request must be verified securely. Building cyber-resilience is dependent on working with trusted partners who meet global security standards and following AI best practices – as without trust, the entire value exchange breaks down.”

“There’s a shake-up underway of cybersecurity in the UK and Europe, with a whole raft of new regulations that have the security of data, networks and products at the centre of them – the NIS2 Directive, the EU Data Act, and EU Artificial Intelligence (AI) Act. Public safety organisations, especially government-run services, face the challenge of implementing practical measures to align with these new laws. This could include having a robust update policy in keeping with the UK’s Cyber Essentials scheme, or managing the extra security required after upgrading from non-OS narrowband devices to OS-run broadband devices.

It’s understandable that resource-stretched and hard-pressed public safety leaders sometimes recoil from the initial cost of upgrading to new and more secure platforms. But it’s a very worthwhile investment, because the cost of declining to protect critical systems will be far greater, in money, public confidence and even lives. The risk from cyberattacks has never been greater, but the tools to defeat them have never been better or more accessible.

Decision-makers shouldn’t despair, because there’s a rich ecosystem of solutions to optimise the workflows needed to update and protect critical communications networks and assets. There’s a comprehensive suite of fleet-wide device management tools designed to protect sensitive data and the hardware which accesses it. And there are many trusted partners to lean on for expertise on how to make robust cybersecurity a natural part of intelligent operations.”

“Docusign’s The Future of Global Identity Verification report found identity fraud costs businesses an average of £5.5M ($7M). Nearly 7 in 10 executives say fraud attempts are rising, yet many (66%) see a trade-off between security and customer experience. Two-thirds (58%) worry prevention tools frustrate users, and 45% put customer experience first as a result. But if security slips, the cost is far higher. Businesses and consumers alike must put protection first to safeguard identities, assets, and finances.”

“The cyber battlefield is shifting, therefore, so must defence strategies. From AI-enhanced threat detection to zero-trust frameworks, today’s most resilient organisations are those that integrate security into every layer of their operations. Yet amid automation and innovation, one principle remains constant: humans must stay in the loop.”

Oliver Ledgard, Public Safety Strategy Director, EMEA, Zebra Technologies:

“There’s a shake-up underway of cybersecurity in the UK and Europe, with a whole raft of new regulations that have the security of data, networks and products at the centre of them – the NIS2 Directive, the EU Data Act, and EU Artificial Intelligence (AI) Act. Public safety organisations, especially government-run services, face the challenge of implementing practical measures to align with these new laws. This could include having a robust update policy in keeping with the UK’s Cyber Essentials scheme, or managing the extra security required after upgrading from non-OS narrowband devices to OS-run broadband devices.

It’s understandable that resource-stretched and hard-pressed public safety leaders sometimes recoil from the initial cost of upgrading to new and more secure platforms. But it’s a very worthwhile investment, because the cost of declining to protect critical systems will be far greater, in money, public confidence and even lives. The risk from cyberattacks has never been greater, but the tools to defeat them have never been better or more accessible.

Decision-makers shouldn’t despair, because there’s a rich ecosystem of solutions to optimise the workflows needed to update and protect critical communications networks and assets. There’s a comprehensive suite of fleet-wide device management tools designed to protect sensitive data and the hardware which accesses it. And there are many trusted partners to lean on for expertise on how to make robust cybersecurity a natural part of intelligent operations.”

AI can process vast amounts of data in seconds, but it cannot replace human judgment, intuition, or ethical oversight. The strongest cybersecurity strategies will emerge from collaboration between intelligent systems and informed professionals who can anticipate, adapt, and respond effectively.

As these experts agree, resilience is not about how you react to incidents, it’s about preventing them through preparedness and upskilling. Businesses that invest in developing cyber-capable teams, embedding security into every layer of innovation, and fostering a culture of learning across their organisations will be best placed to earn and maintain digital trust in the AI era.