Marsh: Cyber Now the Top Global People Risk
▼ Summary
– Cyber-threat literacy, tech skills shortages, mindset barriers to AI adoption, and mishandling of data and IP are among the top people risks in Marsh’s 2026 report.
– These factors can increase cyber-attack risk, reduce competitiveness, and damage reputation and trust.
– Ed Ventham argues the real issue is lack of preparation for business impact, not just understanding cyber risk.
– Managing people-shaped risk effectively can boost workforce productivity and speed strategic initiatives like AI adoption.
– Marsh recommends investing in skills, health, and work redesign to better manage risks from human error.
Cyber-related threats now dominate the global people risk landscape, according to a major new survey from insurance broker Marsh. The 2026 People Risks report, based on interviews with over 4,500 HR and risk professionals across 26 markets, reveals that technological disruption is the most frequently cited concern among the top 10 risks.
At the top of the list is cyber-threat literacy, while tech skills shortages,particularly in cyber and AI,rank third. Sixth on the list are mindset barriers to AI adoption, including limited understanding of AI risks and mitigations, as well as workforce non-compliance with AI regulations and policies. Mishandling of data and intellectual property came in seventh.
Marsh warns that these factors collectively expose organizations to a higher risk of cyber-attacks and breaches, reduce competitiveness, hinder the ability to keep pace with evolving threats, and damage reputation and trust. The persistent challenge of low security awareness among employees continues to impact global firms. In fact, the US Cybersecurity and Infrastructure Security Agency (CISA) issued new guidance in January to help security teams mitigate insider risk.
Ed Ventham, director of broking at UK cyber-insurance specialist Assured, argues that while the focus on cyber-threat literacy is valid, it misses a larger point. “The real issue isn’t just whether people understand cyber risk, it’s how things play out when something goes wrong,” he told Infosecurity. “Increasingly, the material impact isn’t necessarily a traditional cyber-attack; it can be a failure in technology performance, systems not behaving as expected or platforms going down. All of these events drive business interruption, operational disruption and, ultimately, real economic loss.”
Ventham stresses that business leaders should prioritize mitigating the business impact of cyber-related incidents. “The risk isn’t just incidents occurring. It’s a lack of preparation for when they do, and a lack of understanding or forethought about how quickly they translate into lost revenue, contractual exposure, and balance sheet impact. That’s where boards need to be focusing.”
The Marsh report argues that managing people-shaped risk effectively is becoming a competitive advantage. Among respondents who do so, 40% reported increased workforce productivity and efficiency, while 36% said they achieved faster progress on strategic initiatives like AI adoption.
Hervé Balzano, president of health and benefits at Mercer, notes, “In 2026, resilience depends on how well organizations invest in their people: building the right skills, supporting health and financial security, and redesigning work so humans and technology can perform at their best together.”
To better manage risks tied to human error, Marsh recommends organizations focus on building cyber literacy, closing skills gaps, and fostering a culture that embraces AI responsibly while preparing for the operational fallout when incidents inevitably occur.
(Source: Infosecurity Magazine)
