With artificial intelligence (AI) now augmenting up to 80% of phishing emails and cybercriminals constantly upping their game, relying on employee training alone is both insufficient and damaging.
To manage human risk effectively in this new landscape, organisations must deploy a defence that mirrors the threat: AI-driven security layers that work in tandem with a continuous culture of human awareness, says Anna Collard, senior vice-president of content strategy and CISO advisor at KnowBe4 Africa.
According to recent data from KnowBe4, phishing emails are on the rise, increasing by 17% between late 2024 and early 2025. More concerning is that 58% of these emails originate from compromised accounts, making them significantly harder to detect.
“We are seeing a fundamental shift in how attacks are constructed,” explains Anna Collard, SVP of Content Strategy & Evangelist at KnowBe4 Africa. “Threat actors are using generative AI to personalise attacks at scale. They can scrape public data to craft contextually relevant, grammatically perfect emails. The ‘gut check’ that employees used to rely on is being challenged by machines.”
Harder-to-detect threats
The sophistication is compounded by polymorphic attacks – which constantly change their attributes to evade detection – now featuring in the overwhelming majority of phishing campaigns. When a malicious email comes from a legitimate vendor or colleague’s actual address, traditional red flags like “lookalike domains” become irrelevant.
“Humans have cognitive limitations and are susceptible to stress, fatigue, and distraction,” Collard notes. “It is understandable that even the most security-aware employees can have momentary lapses in judgment when the deception is this precise.”
This reality is driving the industry toward a new paradigm: Human Risk Management (HRM). Unlike traditional security models that treat people as a problem to be fixed, HRM views the workforce as a dynamic attack surface that requires a combination of education, culture, and, crucially, adaptive technical defences.
The role of defensive AI
To counter AI-driven offence, organisations must deploy AI-driven defence. Modern cloud email security solutions act as an adaptive shield that works alongside the employee. By utilising machine learning, these systems analyse thousands of signals – tone, relationship strength, sending patterns, and metadata anomalies – that are often invisible to the human eye.
“AI-driven threat detection acts as an intelligent safety net,” Collard explains. “It analyses emails for malicious indicators before they reach inboxes. When threats are detected, the system provides clear warnings or blocks access, allowing legitimate work to continue while filtering out the noise. We all know how useful a second pair of eyes can be in our daily lives. AI is doing that for employees facing these threats now – and it comes at a crucial time.”
This technology provides a critical safety net. For instance, in a Business Email Compromise (BEC) scenario where a vendor’s compromised account requests a payment change, the email itself is technically “legitimate” as it comes from the correct server. However, an AI-driven defence layer would flag the anomaly: the tone is urgent, the banking details are new, and the request deviates from the established pattern of communication.
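The BEC scenario above, reduced to a small rule-based scorer, as an added illustration that is not KnowBe4's code or any product's logic: each message from a vendor's genuine address is compared with a per-sender baseline (previously seen bank accounts, usual sending hours, relationship length), and the same signals the article names (urgent tone, new banking details, deviation from the established pattern) drive a deliver/warn/block decision. The baseline, the urgency word list and both sample messages are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Phrases treated as an "urgent tone" signal (constructed list for this example).
URGENCY_TERMS = ("urgent", "immediately", "asap", "before close of business", "today")
# IBAN-like token written without spaces: 2 letters, 2 check digits, 11-30 alphanumerics.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")

@dataclass
class SenderBaseline:
    """Established communication pattern for one sender (values are constructed)."""
    known_ibans: set = field(default_factory=set)
    usual_hours: range = range(8, 18)   # local send hours seen historically
    messages_seen: int = 0              # proxy for relationship strength

def extract_ibans(body: str) -> set:
    """Return IBAN-like account identifiers mentioned in the message body."""
    return set(IBAN_RE.findall(body))

def score_email(hour: int, body: str, baseline: SenderBaseline):
    """Score one inbound message against the sender's baseline; returns (score, reasons)."""
    findings = []                         # (reason, weight)
    if any(term in body.lower() for term in URGENCY_TERMS):
        findings.append(("urgent tone", 1))
    new_accounts = extract_ibans(body) - baseline.known_ibans
    if new_accounts:                      # banking details never seen from this sender
        findings.append(("new banking details: " + ", ".join(sorted(new_accounts)), 2))
    if hour not in baseline.usual_hours:  # deviation from the sender's sending pattern
        findings.append(("sent outside this sender's usual hours", 1))
    if new_accounts and baseline.messages_seen < 5:
        findings.append(("payment details from a thin relationship history", 1))
    return sum(w for _, w in findings), [reason for reason, _ in findings]

def decide(score: int) -> str:
    """Map the score to the actions the article describes: deliver, warn, or block."""
    if score >= 3:
        return "block"
    return "warn" if score >= 1 else "deliver"

# Constructed sample data: a long-standing vendor and two messages from its real address.
VENDOR = SenderBaseline(known_ibans={"DE89370400440532013000"}, usual_hours=range(8, 18), messages_seen=40)
ROUTINE = (10, "Hi, attached is invoice 4471 for March. Payment to DE89370400440532013000 as usual. Thanks!")
SUSPICIOUS = (22, "URGENT: we changed banks. Please pay invoice 4471 to GB29NWBK60161331926819 "
                  "before close of business today.")

if __name__ == "__main__":
    for label, (hour, body) in (("routine", ROUTINE), ("suspicious", SUSPICIOUS)):
        score, reasons = score_email(hour, body, VENDOR)
        print(f"{label}: score={score} action={decide(score)} reasons={reasons}")
```

The routine invoice scores 0 and is delivered; the payment-change request is blocked because a new account, an urgent tone and an off-hours send all deviate from the vendor's baseline, even though the sender address is genuine.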
The feedback loop: Humans teaching machines
Critically, this is not about replacing human judgement with algorithms, but creating a symbiosis. One of the most powerful aspects of modern Human Risk Management is the feedback loop created between the workforce and the security platform.
“Technology provides the first line of defence, but human judgement often confirms the nuance,” Collard emphasises. “When an employee reports a novel threat, that intelligence helps the system learn. It turns a potential breach into a teaching moment, reinforcing the training without putting the organisation at risk.”
Future-proofing with Human Risk Management
As we look toward 2026, the convergence of threats will keep accelerating. Predictive threat intelligence and automated response orchestration are becoming standard requirements for maintaining digital resilience. “Organisations need to formulate a holistic Human Risk Management approach,” Collard maintains. “This includes identifying human-related risks, delivering personalised education, and integrating automation to handle the heavy lifting.”
Ultimately, the goal is to create an environment where security is a shared responsibility. By layering AI defences over a culture of vigilance, organisations can ensure that technology handles the volume and speed of attacks, while people remain equipped and empowered to handle the nuance.