2025-07-26, Track 2
Cyber risk management is often treated as a purely technical discipline, when in reality human psychology and biases shape risk perception, prioritisation and management. This talk will explore some of these human factors and offer guidance on potential management strategies.
Cyber risk management is often approached through a technical lens, yet it is profoundly influenced by human psychology and cultural factors. This talk explores the impact of cognitive biases—such as optimism bias, anchoring, confirmation bias, and the availability heuristic—on the identification, prioritisation, and mitigation of cyber threats. It examines how personality traits common among cybersecurity professionals, such as introversion and analytical thinking, shape a preference for technological controls over human-centric strategies. Organizational culture, psychological safety, and group dynamics are shown to play critical roles in shaping risk perception and response. The analysis pays particular attention to the African cybersecurity context, highlighting how resource constraints, informal digital systems, and generalist decision-making amplify bias-related vulnerabilities. The talk presents the viewpoint that effective cyber risk management must integrate psychological insight, cultural awareness, and technical proficiency to build truly resilient digital defenses.
Samresh is a Partner in Deloitte Africa’s Risk Advisory practice based in Johannesburg and is the current leader of the Africa Cyber practice. His cyber experience spans more than 20 years in the Sub-Saharan cybersecurity industry.
His core experience spans deep technical roles through to executive business and people management, across market sectors. He qualified as an Electronic Engineer before moving into software development and system engineering roles. He then qualified as a firewall engineer before moving into pre-sales, cybersecurity consulting, and business management roles. He holds a master’s degree in digital business, as well as several cybersecurity-specific certifications, most notably CISSP (2009) and CISM (2010).
He was the Deputy CISO at ABSA Group, where he led the Cyber Security Consulting Service Group, which comprised Lead Security Consultants, Security Architects & Research teams. He also chaired the SABRIC Cybersecurity Forum, driving banking sector-wide engagement on topical cybersecurity matters. His prior work experience includes leadership roles in EY Africa, IBM Global Security Services and Dimension Data MEA (now NTT Data), the SA Reserve Bank and Siemens Telecommunications.