Artificial intelligence (AI) has radically changed cybersecurity in a short space of time. AI helps to detect anomalies faster, map threats, and automate repetitive tasks. However, that same technology also lowers the barrier for attackers. Phishing becomes more convincing, social engineering more credible, and attacks more scalable. This creates a new balance: technology is becoming more powerful, but the human factor is not becoming any less important.
Anyone looking at cyber resilience today cannot ignore this reality. Organizations are rightly investing in platforms, tooling, and automation, but they remain vulnerable when employees are not sufficiently aware and alert, security teams lack the right skills, and training is still too often treated as a box-ticking exercise. AI is changing the operational model of cybersecurity, but it is not replacing humans. Knowledge, awareness, and training determine whether AI becomes an amplifier of security or simply an additional risk factor.
We notice that difference first and foremost on the shop floor. The rise of AI-driven threats has increased general awareness around cybersecurity. Employees better understand why vigilance is necessary. However, awareness alone is not enough. Knowing that risks exist is different from recognizing and correctly reporting a convincing deepfake, a perfectly phrased phishing email, or a misleading prompt. That is precisely where the greatest challenge lies for many organizations today.
Daily practice
The traditional approach to security awareness falls short in this context. An annual training session or a one-off compliance module is no longer sufficient in an environment where threats are constantly evolving. Awareness must become more frequent and relevant. Employees must learn to handle scenarios that align with their daily practice: from the safe use of generative AI tools to recognizing subtle manipulation. Microlearning, simulations, and repetition are a necessary foundation for this.
The importance of internal risks is also growing. Cybersecurity is still often viewed through the lens of external attackers, but organizations are increasingly realizing that thoughtless behavior, careless data use, or a lack of internal knowledge can cause at least as much damage. This makes security awareness more than just an IT topic; it is an organization-wide responsibility. Cyber safety does not just happen in the security operations center, but also in the daily decisions of employees, managers, and executives.
Over-reliance
For security professionals, the impact of AI is just as significant. Virtually every organization today is exploring or using AI-supported security solutions. But broad adoption does not necessarily mean these tools are being used optimally. AI systems must be validated, tailored to the organization’s context, and critically monitored. Without that expertise, there is a risk of over-reliance on automation, resulting in blind spots or incorrect interpretations. AI does not replace security teams; instead, it shifts their role toward higher-level analysis, interpretation, and decision-making.
Strategic building blocks
This makes the skills gap more urgent than ever. The question is not only whether organizations can find enough people, but also whether they are developing the right competencies in the people they already have. Technical training, role-based education, and certification are therefore becoming strategic building blocks of cyber resilience. They help structure and validate knowledge in a field that is becoming increasingly complex. In a labor market where experienced security profiles remain scarce, investing in training is often the most realistic and sustainable way to reduce risk.
For organizations, this means that cyber resilience must be viewed more broadly. Resilience is not just the result of good products or a strong architecture. It depends just as much on the readiness of employees, the maturity of security teams, and a culture where security is seen as a shared responsibility. Technology remains indispensable, especially now that AI is further driving the scale and speed of threats. But technology without competent people around it remains an incomplete answer.
Consistent investment
The organizations that will make a difference in the coming years are not necessarily those with the most tools, but those that combine technology with a consistent investment in people: in awareness, in permanent training, and in a broader learning culture. It is not AI itself, but the extent to which people learn to work with it, that determines how resilient an organization truly is.
This is a guest contribution from Caroline Van Cleemput, Country Manager Belux at Fortinet. Discover here how Fortinet supports organizations with security awareness training, technical certifications, and practical learning paths to make employees more resilient against the threats of today and tomorrow.