The cybersecurity landscape is changing fast. Artificial intelligence is reshaping how attacks happen, and the threats facing businesses today look very different from those of even a year ago. But in the middle of all the new tools, tactics and technologies, one truth remains — people are still the strongest defense.
That was the focus of Outsmart Cyber Threats, a recent Chrysalis webinar led by Gregory Bledsoe Jr., Customer Success Lead, and Devyn Crowson, Information Security Officer. Together, they shared what it takes to build a security strategy that’s proactive, resilient and rooted in awareness.
Awareness: the first line of defense.
Most cyber incidents don’t start with software. They start with people.
According to Crowson, 90% of data breaches are caused by human error, like falling for phishing scams or simple misconfigurations. The good news? That number can drop quickly with consistent, meaningful training.
Organizations that invest in ongoing cybersecurity awareness programs see real results — a 70% reduction in phishing clicks, 50% fewer escalated incidents and faster reporting times when something goes wrong. But annual training isn’t enough. The best results come from short, interactive sessions and real-world simulations that keep cybersecurity top of mind throughout the year.
Crowson also noted that awareness works best in a blame-free environment. When employees feel safe reporting mistakes or suspicious emails, the entire organization responds faster. “Technology alone can’t secure a business,” he said. “Technology and trained people do.”
Leadership: setting the standard.
Cybersecurity culture starts at the top. As Bledsoe explained, when leaders model secure behavior like enabling multi-factor authentication, practicing password discipline and protecting sensitive data then adoption across the company improves by more than 60%.
He shared a lesson from his time in the U.S. Marine Corps that highlights the power of example. During a night training exercise, his platoon sergeant jumped into a stalled boat to help fix the issue under pressure. That visible leadership changed the team’s mindset from stress to focus, and the same principle applies to cybersecurity.
“When leaders communicate purpose and show visible commitment, security becomes something people take ownership of,” Bledsoe said. “It moves from compliance to confidence.”
Response: preparation that pays off.
When a breach happens — and it will — readiness determines how quickly a business recovers.
Crowson outlined four essentials for an effective incident response plan:
- Define roles and responsibilities — Know who does what before an incident happens.
- Establish a containment plan — Document how threats are isolated and who communicates updates.
- Run tabletop exercises — Practice scenarios to identify gaps and build confidence.
- Review and adapt — After every incident, capture lessons learned and strengthen the plan.
Companies that rehearse their plans recover four times faster and lose 40% less revenue than those that don’t. Preparation isn’t a nice-to-have; it’s a competitive advantage.
The AI effect: new tools, new threats.
Artificial intelligence is transforming cybersecurity on both sides of the battle.
While AI helps defenders detect and respond faster, it also gives attackers new ways to target businesses. Crowson warned of threats like data poisoning, prompt injection and deepfakes — AI-generated media or voices that impersonate trusted people.
He shared a real-world example where a company’s accountant received a phone call from what sounded like their CFO, urgently requesting a funds transfer. It wasn’t the CFO; it was a cloned voice. The result? A six-figure loss in minutes.
To defend against these new risks, businesses must update awareness programs, verify AI tool integrity and keep humans in the loop for oversight. “Trust but verify,” Crowson said. “AI can make us faster, but we still need people to keep it accountable.”
From fear to foresight.
Cybersecurity isn’t about fear; it’s about foresight. As Bledsoe shared in closing, leadership should treat cybersecurity as a strategic conversation, not just an IT function. Keep awareness training continuous, rehearse response plans quarterly and audit your AI tools regularly.
“When your team understands the risks, they gain the power to prevent them,” he said. “Awareness turns uncertainty into confidence and confidence into action. That’s how resilience begins.”
Your next step: assess, strengthen, evolve.
Every organization’s risk profile is unique — and the best defense starts with understanding where you stand. Chrysalis offers a free cybersecurity assessment to help businesses identify vulnerabilities and build strategies that stay ahead of evolving threats.
Because the future of cybersecurity isn’t just about firewalls or software — it’s about people.
With Chrysalis, the future is tech evolved.