Across Asia Pacific, cybersecurity leaders are rethinking how they protect their organisations from the most persistent and evolving threat: email. As the primary channel for business communication, email continues to be the point of entry for many of today’s most damaging attacks. The explosion of generative and agentic AI has only accelerated this challenge, allowing cybercriminals to craft hyper personalised messages, deepfake voices and multi-channel attacks that appear almost indistinguishable from legitimate communication.

The response requires a shift in strategy. Rather than adding another layer of complexity to the tech stack, organisations are turning to integrated approaches that combine advanced AI powered detection with human understanding. This is where the evolution of email security is heading, and why KnowBe4’s partnership with Microsoft marks an important milestone for the region.

Integrated defences for a changing threat landscape

The recent integration of KnowBe4 Defend with Microsoft Defender for Office 365 represents a major step forward for email security. It brings together Microsoft’s world class collaboration and security infrastructure with KnowBe4’s behavioural based detection to deliver an adaptive, multi layered defence that identifies and neutralises attacks traditional systems might miss.

Rather than replacing existing investments, this approach enhances them. By embedding KnowBe4’s cloud email security capabilities directly into Microsoft’s ecosystem, organisations across Asia can now maintain their trusted workflows while adding powerful new defences against phishing, business email compromise and other socially engineered threats. The result is a more cohesive strategy that connects technology, people and process.

This shift is vital across Asia Pacific, where hybrid work, rapid digital transformation and diverse device ecosystems have expanded the attack surface. Phishing threats are no longer limited to suspicious links or fake invoices. They increasingly exploit legitimate services such as cloud file sharing or productivity tools, making traditional secure email gateways less effective. Integrated, intelligent and AI enabled solutions are therefore becoming essential to close these gaps and build long term resilience.

AI plays a dual role in this evolution. While attackers are using AI to automate and personalise their campaigns, defenders can harness it to detect anomalies, assess risk in real time and coach users at the moment of decision. This balance between machine intelligence and human judgement is shaping a new era of workforce driven security.

The next evolution: managing human and AI agent risk

Even with AI powered tools, the human element remains both the strongest defence and the most targeted. Studies continue to show that human action contributes to the majority of security incidents, not through carelessness but through the complexity of the modern threat landscape. Addressing this requires an understanding of how people think, work and respond under pressure.

This is where human risk management, or HRM, becomes critical. HRM moves beyond traditional awareness training to continuously measure, monitor and mitigate human derived risk. It combines behavioural science with AI driven insights to help organisations understand who is most at risk, how behaviour changes over time and where interventions can have the greatest impact.

The Strategic Framework for human risk management highlights four interconnected pillars: Defend, Educate, Empower and Protect. Together they create a culture of security that makes safer behaviour intuitive and consistent. In practice, this means integrating real time detection with teachable moments that guide users toward better choices, and using AI to personalise training and simulate realistic threats.

As AI agents increasingly support human teams, the focus must now expand from training people alone to building workforce trust across both humans and machines. This involves ensuring that AI agents are guided by the same principles of transparency, accountability and security awareness that underpin effective human behaviour.

As we head into 2026, the convergence of AI, email security and human centric risk management will define the next chapter of cyber resilience. The question for organisations is no longer whether their defences can stop every attack, but whether they can adapt as quickly as the threats do.

Building that adaptability starts with people and the AI systems that support them, because cybersecurity in the age of intelligence will always depend on trust, awareness and collective resilience.