We’ve all said it: people are the weakest link. But that’s lazy thinking. People are also the only flexible part of our defence model, the part that can sense, adapt, and recover faster than any system we’ll ever build. If you train that muscle well, it will outperform any tool.
The real challenge isn’t awareness… it’s fatigue. Everyone’s been told to stop clicking links, to use MFA, to report the phishing simulation they just failed. The gap now isn’t knowledge, it’s belief. Do people genuinely think their actions matter? Because when they do, they behave differently.
We’re seeing more business-driven CISOs, fewer command-and-control models. Awareness programs that act like part of the operating system, not an annual campaign. Risk teams borrowing from marketing, psychology, and crisis management, not to scare people, but to make them capable.
2026 will test how well we’ve built awareness into the rhythm of our organizations. It’s not about another toolkit or training cycle. It’s about knowing whether we’ve built a culture that knows how to act when the playbook isn’t enough.
That’s what still actually works.
By Karl-Fredrik “Kalle” Larsson, CISO at ID North
October 2025
ID North welcomes our latest recruit, Milos Bogdanovic. Milos will help bring value to one of our customers from day one and we are excited to have him join our team. Welcome Milos!
ID North is proud to announce the continued growth of new customers during the first quarter of this year. In the toughest possible competition, ID North has won a new deal with global company..
ID North has won a contract with Capio to provide Identity Governance based on SailPoints platform IdentityIQ. ID North is Sweden’s leading experts in Identity Governance and SailPoint is the global market leader in..