90% of organizations experienced incidents caused by employee mistakes.

The top factor cited for attackers successfully bypassing systems was human error at 46.10%.

Human error remains the top cybersecurity vulnerability in 2025, with 66% of CISOs citing people as their greatest risk.

43% of cybersecurity professionals identified distraction as a primary reason employees fall victim to cyberattacks.

55% of security leaders are constantly worried that a single employee mistake could put their entire organisation at risk.

Conversely, EMEA organisations show the highest reporting rate for BEC, at 4.22%

Telecommunications saw the highest VEC engagement rate at 71.3%.

In EMEA, the VEC engagement rate exceeds Business Email Compromise (BEC) by 90%.

7% of VEC engagements came from employees who had engaged with a previous attack.

The overall reporting rate for advanced text-based email threats was just 1.46%.

Junior sales staff were among the most vulnerable roles, engaging with read VEC attacks at a rate of 86%.

Employees in large enterprises engaged with malicious vendor messages 72% of the time after reading them, taking follow-up actions such as replying or forwarding.

Repeat engagement with VEC in EMEA is the highest of any region, over twice that of BEC.

The second-ranked industry for VEC engagement rate was the energy/utilities sector (56%).

EMEA organisations demonstrate the lowest reporting rate for VEC, at 0.27%.

In just 12 months, attackers attempted to steal more than $300 million via VEC.

Employees in large enterprises engaged with malicious vendor messages 72% of the time after reading them, taking follow-up actions such as replying or forwarding.

The overall reporting rate for advanced text-based email threats was just 1.46%.

Human error, while still significant, has dropped to third place of most concerning threat actors.

Human error, while still significant, has dropped to third place of most concerning threat actors.