As more than 80% of cyberattacks are caused by human failure, the NIS2 Directive states that "Cybersecurity risk-management measures should provide for systemic analysis, taking into account the human factor" (Article no. 78).