Cybersecurity teams love to talk about zero-days, nation-state actors, and cutting-edge tooling. Yet the earliest signs of an impending breach rarely appear in threat intel feeds—they show up in employee reviews long before an attacker ever touches the network. This talk introduces a new approach to forecasting cyber incidents by analysing anonymous organisational sentiment at scale.

Using millions of employee reviews, I built a Cyber-Risk Feature (CRF) index that detects patterns linked to governance failures, insider-threat indicators, workplace stress, and cultural dysfunction. When analysed over time, these signals form a striking pattern: they consistently intensify two to three years before major incidents occur.

The research shows that rising mentions of burnout, poor training, politics, blame, outdated systems, and chaotic change management aren’t just HR problems—they are leading indicators of future compromise. In several organisations, these cultural stressors spiked long before any attacker showed up, suggesting that breaches often emerge from environments already strained, distracted, or poorly governed.

This talk introduces a practical, data-driven way to surface cultural cyber risk using publicly available sentiment, without naming or shaming individual companies. Attendees will learn how human factors manifest in language, how to track cultural drift, and why behavioural signals should sit alongside technical telemetry in modern security strategy.

Attendees will walk away with:

• A new lens for spotting cyber risk hidden in plain sight.
• A practical understanding of how employee sentiment correlates with breach likelihood.
• Early-warning indicators rooted in behaviour, not just logs.
• A case for integrating cultural analytics into security strategy before—not after—compromise.

If we want to prevent tomorrow’s breaches, we need to listen to the people living today’s organisational reality. Culture leaves data trails—and those trails tell the story long before the attackers do.