Cyber-related challenges dominate the top 10 people risks highlighted in a new global survey from Marsh.
The insurance broker’s 2026 People Risks report is compiled from interviews with over 4500 HR and risk professionals in 26 global markets.
Technological change and disruption was cited most frequently in the top 10 risks.
“Cyber-threat literacy” placed first while tech skills shortages, such as those in cyber and AI, came in at number three.
“Mindset barriers to AI adoption” came sixth. This includes limited knowledge of AI risks and mitigations, and workforce non-compliance with AI regulations and policy.
Mishandling of data and IP was placed seventh.
Read more on employee-related risk: Cost of Insider Incidents Surges 20% to Nearly $20m
Marsh claimed that these factors could together expose organizations to an increased risk of cyber-attacks and breaches, reduce their competitiveness and ability to keep pace with the evolving threat landscape, and damage reputation and trust.
The challenges of low security awareness among employees are well understood but continue to impact global organizations. The US Cybersecurity and Infrastructure Security Agency (CISA) was forced to release new guidance in January to help security teams mitigate insider risk.
Ed Ventham, director of broking at UK cyber-insurance specialist Assured, argued that the focus on cyber-threat literacy, while valid, misses a bigger point.
“The real issue isn’t just whether people understand cyber risk, it’s how things play out when something goes wrong,” he told Infosecurity. “Increasingly, the material impact isn’t necessarily a traditional cyber-attack; it can be a failure in technology performance, systems not behaving as expected or platforms going down. All of these events drive business interruption, operational disruption and, ultimately, real economic loss.”
Business leaders should be more focused on mitigating the business impact of cyber-related incidents, he noted.
“The risk isn’t just incidents occurring,” Ventham continued. “It’s a lack of preparation for when they do, and a lack of understanding or forethought about how quickly they translate into lost revenue, contractual exposure, and balance sheet impact. That’s where boards need to be focusing.”
Why Managing People‑Shaped Risk is Becoming a Competitive Advantage
Managing people-shaped risk effectively is essential to driving competitive advantage, the Marsh report argued.
Some 40% of respondents who did so said they increased workforce productivity and efficiency, while 36% said they achieved faster progress on strategic initiatives such as AI adoption.
Hervé Balzano, president of health and benefits at Mercer, said, “In 2026, resilience depends on how well organizations invest in their people: building the right skills, supporting health and financial security, and redesigning work so humans and technology can perform at their best together.”
To better manage the risks associated with human error, Marsh recommended:
- Reframing cyber risk to include broader risks such as those to OT, HR and benefits systems, and third-party services
- Identifying potential exposures via cyber-risk planning
- Recruiting talent with strong cybersecurity skills
- Creating a cyber-centric culture where security concerns are heard and all staff understand their responsibilities
- Reducing the causes of fatigue and stress, which can lead employees to drop their guard
- Ensuring human oversight of critical systems backed by strong governance and insurance cover
