When it comes to assessing the risk from the human element, most cybersecurity professionals don’t know where to start. Often organizations are shortsighted and look at only the immediate phishing or misdirected emails rather than what the impacts are further down the attack chain. This can lead to over-stating or under-stating the actual risk. However, one cybersecurity expert argues there is a disciplined way to assess the risk of the human element via a two-step analysis, specifically by looking at the likelihood of an adverse event occurring and the consequences that would result if it were to occur. Estimating likelihoods and consequences can seem like a daunting task, but an example of how an organization can identify this information provides some helpful insights. Threatpost.