In its recent research, the Chartered IIA sought to understand what organisations are doing to manage and mitigate cyber security risk, and what they are doing to promote a cyber security aware culture. Kristina Grinkina explains that the research findings highlight a concerning gap. She explains that, with organisations considering a hybrid way of working beyond the pandemic, a combination of technology and awareness to mitigate human error will be the most effective defence in the new normal.