Tech & AI LIVE London: Keynote from CybSafe's Annick O'Brien
At Tech & AI LIVE London, Annick O'Brien, General Counsel at CybSafe, delivered a compelling keynote on the Cyber Stage titled AI and Cyber Risk: The Human Factor.
Annick brought to the forefront the growing need for a behavioural approach to cybersecurity in the age of AI, big data, and rapid tech development.
The evolving threat landscape and AI’s role
Annick opened by explaining how CybSafe focuses not only on technology but on people, helping users make secure digital choices.
She described the current landscape as one where human behaviour is increasingly exploited by evolving AI-driven threats.
“Human risk management continues to be a major vulnerability in cybersecurity,” she said, pointing to how fatigue induced by big data and fast-moving technology compounds the issue.
AI, she warned, is not just a tool for innovation but also a weapon for attackers.
It’s being used to “impact human trust and to impact human error”, Annick says, which are key components in breaches.
She described scenarios where employees may fall victim to sophisticated AI-generated phishing calls or deepfakes, mistaking them for legitimate internal communications.
Importantly, she emphasised: “I’m not saying that people are the biggest risk in cybersecurity. What I’m saying is that human behaviour creates a critical vulnerability.”
Regulation, measurement and mindset shifts
On a regulatory level, Annick highlighted the EU AI Act as a framework that places human oversight at the centre of AI governance.
She observed that organisations are shifting their focus from generic awareness training to measurable risk management.
“The discussion is now about risk. The discussion is not about training,” she stated.
The conversation then turned to how AI is driving both threats and solutions.
Attackers use AI to accelerate smishing, deepfakes and privilege misuse.
Yet, she noted, AI can also help defenders detect and manage those threats in real-time.
She explained how AI algorithms monitor multi-factor authentication (MFA) fatigue, where employees become tired of constant verification requests, increasing the risk of them bypassing security measures.
“There is a tangible element of risk that can be measured and reduced by addressing that human factor,” she said.
Annick also addressed the economic context, noting that as budgets tighten, security strategies must shift away from compliance-for-compliance-sake.
“We're never going to make money through compliance. But we can save money,” she said, advocating for the use of AI and data to directly link human risk mitigation with cost efficiency.
Changing behaviours and fostering responsibility
Moving from macro to micro, Annick introduced CybSafe’s annual report “Oh Behave,” developed in collaboration with the National Cyber Security Alliance.
The report examines security behaviours at home and at work, revealing how blurred lines between personal and professional digital lives impact risk.
She shared eye-opening statistics from the report:
- 65% of people are concerned about AI-related cybercrime
- 52% believe they haven’t received proper training on safe AI use
- 38% have shared sensitive information with AI tools without employer consent
This underscores a significant gap in AI safety education.
“Fifty per cent of us haven’t been helped by our organisation to make a safe digital decision,” she said.
At CybSafe, behaviour change is approached through the COM-B model, capability, opportunity, and motivation.
Annick stressed: “Training awareness does not change behaviour, capability, opportunity, motivation changes behaviour.”
AI’s translation capabilities, she added, are shifting phishing from being an English-centric issue to a multilingual one.
Phishing messages are now more convincing across languages, making them harder to detect.
In closing, she argued that AI isn’t introducing new risks but revealing existing ones. The solution lies in transparency, human oversight and measured responses.
“We should understand what AI is doing, how it's being used in our organisations,” she said. “There should be no black boxes.”
Annick left attendees with a clear message: “AI is a huge opportunity for the security industry to enable them to really protect organisations.
“But it does increase the threat landscape. We need to understand those human behaviours and to help people make safe digital decisions.”
Essential diary dates for 2025
Discover the essential diary dates for Technology Magazine and AI Magazine and its sister publications Mobile Magazine and Data Centre Magazine.
To follow Tech & AI LIVE on LinkedIn, click here.
To enter for the Global Tech & AI Awards, click here.
- Tech & AI LIVE London + Cyber LIVE London | 14-15 May
- The Global Tech & AI Awards | 14 May
- Tech & AI LIVE Singapore | 4 November
- Tech & AI LIVE New York | 18 November
Explore the latest edition of Technology Magazine and be part of the conversation at our global conference series, Tech & AI LIVE.
Discover all our upcoming events and secure your tickets today.
Technology Magazine is a BizClik brand
