Human Risk
We've curated 21 cybersecurity statistics about Human Risk to help you understand how human behavior, insider threats, and social engineering tactics are shaping security practices in 2025.
Related Topics
Showing 1-20 of 21 results
42% of organizations globally identify a lack of visibility into the AI tools employees use as a significant identity governance gap.
67% of U.S. cybersecurity decision-makers are concerned about employees inadvertently exposing sensitive information to AI systems.
56% of cybersecurity decision-makers are concerned about employees inadvertently exposing sensitive information to AI systems.
47% of U.S. cybersecurity decision-makers report concern about lack of visibility into employee AI tool usage, compared with 42% globally.
57% of desk-based workers who use email or chat have verified a message's request only after taking action first.
64% of desk-based workers who use email or chat say an AI-generated message could likely impersonate someone they work with.
63% of desk-based workers who use email or chat clicked a work-related link in the past year and later felt they should have double-checked it first.
45% of desk-based workers who use email or chat have replied to a work message and later questioned whether it was legitimate.
72% of desk-based workers who use email or chat say phishing attempts are more convincing than a year ago because of AI-written language.
57% of desk-based workers who use email or chat say AI makes phishing harder to spot because it feels more professional.
96% of organizations admit they have incomplete protection against human risk.
91% of organizations face obstacles ensuring employee compliance.
Incidents relating to the human element surged by 90%.
97% of cybersecurity leaders feel the need for increased budget allocations to bolster the security of the human element.
45% of cybersecurity leaders cited constantly evolving AI threats as their greatest challenge when tackling behavioral risk.
93% of cybersecurity leaders reported incidents caused by cybercriminals exploiting employees.
64% of organizations fell victim to external attacks that exploited employees through email.
Organisations relying solely on security awareness training (SAT) have visibility into only 12% of risky behaviour.
Strategic Human Risk Management (HRM) programmes can reduce risk 60% faster than traditional methods.
Just 10% of employees are responsible for 73% of cyber risk. This also means that a small fraction of employees (specifically 10%) are responsible for 73% of risky behaviour.