As the 2025 Gartner Security & Risk Management Summit in Washington, D.C. comes to a close, one insight stands above the rest: cybersecurity awareness is broken.
Yes, 90% of organizations today run Security Awareness Training (SAT) programs. But according to Gartner’s latest research, the numbers tell a worrying story:
- 93% of employees admit to engaging in risky behaviors they know increase their organization’s exposure.
- 61% send sensitive information unencrypted.
- 54% move data between personal and professional accounts.
- Many ignore security advice, open attachments from unknown sources, and store passwords in browsers.
Awareness is not the issue. Behavior is.
This isn’t about more training. It’s about transformation.
Over the past three days, our team at Zepo engaged in dozens of conversations with CISOs, risk leaders, and security architects. The message was clear: the human layer of security isn’t just the weakest—it’s the most overlooked. And traditional awareness efforts aren’t moving the needle.
We believe the future lies in:
- Adaptive learning that meets users where they are
- Continuous reinforcement, not one-off modules
- Measurement that focuses on risk reduction, not just participation rates
It’s time to stop asking “Did they take the training?” and start asking “Did their behavior change?”
At Zepo, we’re building the category of Social Intelligence—a smarter, more behavioral approach to managing human risk. Our mission is to help organizations close the gap between knowing and doing.
To everyone who stopped by our booth, joined a session, or shared your insights: thank you. We leave the summit even more convinced that meaningful change is not only possible—it’s urgent.
Let’s move beyond awareness. Let’s build a culture that actually reduces risk.
