The Cybercrime Trends 2025 report is here. Get expert insights to tackle next-gen cyber risks. Read more.

Contact
Languages

Human Risk
Review

Cybercrime is the no. 1 business risk – and employee behaviour has a lot to do with decreasing that risk. Learn more in this report, featuring expert interviews and exclusive phishing data.

Download the report
Human Risk Review visual Background gradient

As seen in

Yahoo Finance logo TEFR logo Sifted logo

The threat landscape is tense

Cybercrime today is highly professionalized – exploiting vulnerabilities on a large scale, employing innovative and sophisticated tactics, and posing immense challenges to businesses, governments, and individuals alike. And the situation isn’t likely to improve in the near future:

1 in 2

organisations experienced a successful cyberattack in the past 3 years.

of organisations don’t expect the situation to ease in the next year, either.

Top 3 tactics in successful attacks

Top 3 departments targeted

Find out more

Meanwhile, cybercrime is booming

Various trends, including geopolitics, AI advancements, new work models, and IT staff shortages further worsen the cyberthreat landscape. As cybercriminals quickly adapt their tactics to these changes, many organisations struggle to minimize (human) cyber risks.

3 in 4

security professionals say their organisation’s cyber risk has increased due to geopolitics, AI, and remote work.

8 in 10

say their organisation’s security is increasingly dependent on the security of their partners and suppliers.

In case of a successful ransomware attack, more than a third of companies paid the ransom.

Among smaller companies, almost half were forced to pay.

Find out more

More insights waiting for you

  • 9 in-depth conversations with security leaders, full of industry insights and strategies
  • An expert survey on the current state of cyber security in Europe – and best practices for minimizing human risks
  • Detailed social engineering analyses, providing a look into cybercriminals’ most successful tactics
Download the full report

Expert interviews

First-hand industry insights from security leaders

Bundeswehr logo
Bundeswehr logo

Companies have invested more in technology than in people over the past 10 years. They’ve since come to understand that technology isn’t everything, and that social engineering is a real problem.

Dr. Katrin Suder

I often hear the old saying, ‘If it’s not broken, don’t fix it.’ But when an attack does happen, the consequences can be severe.

Thomas Tschersich

Thomas Tschersich

CSO at Deutsche Telekom & CEO at Telekom Security

We shouldn’t only focus on the corporate level but also on other levels to increase security awareness in society, make people comprehend the threat situation, the need for cyber resiliency, and how to handle sensitive data. It should be a mandatory subject for everyone.

Jens Becker

Jens Becker

CIO at Zurich Gruppe Deutschland

The number one challenge in the cyber security industry right now is burnout: There’s too much data, too many cases, and not enough time.

Stéphane Duguin

Stéphane Duguin

CEO at CyberPeace Institute

We’re receiving harmful emails more frequently, and each new wave is more intense than the last.

Sascha Czech

Sascha Czech

CSO at Uniklinik Münster

Everything that I can cover through employee awareness makes me more resilient as a company. I save on time, money, and stress, and avoid more risks.

Thomas Schumacher

Thomas Schumacher

Managing Director at Accenture Security Germany

Cyber awareness must become an integral part of everyday routine, just like fastening the seatbelt before driving.

Major General Jürgen Setzer

Major General Jürgen Setzer

CISO Bundeswehr

Many users are less focused when working from home, and it’s a more relaxed environment. They mix a lot of personal activities into their workflow, resulting in inattentiveness.

Dr. Stefan Lüders

Dr. Stefan Lüders

Computer Security Officer at CERN

Human behaviour is always most easily detected by other people. If you rely 100% on technology and assume that it will catch everything, you’re making a big mistake.

Tobias Ludwichowski

Tobias Ludwichowski

CISO at Signal Iduna

Previous insight Next insight
Read full interviews

80% of security experts see social engineering and phishing as major risks to their organisation

1 in 3

users click on harmful content in phishing emails, and out of these…

1 in 2

proceed to enter sensitive information.

Digital natives are

more likely to click on phishing emails than older users.

Find out more

Are companies prepared?

Security experts have realised that technology alone is not enough to protect their organisations. As employees remain susceptible to social engineering attacks and risky security practices, organisations are prioritizing building strong security cultures.

Top 3 priorities for security professionals:

9 in 10 organisations plan to maintain or increase their awareness measures in the upcoming year.

The biggest levers for greater security awareness impact, according to security professionals:

Find out more

Our data

Methodology and data sources

A

Survey among security professionals

  • More than 1,000 security professionals from 6 European countries were surveyed in 2023.
  • In collabouration with Censuswide, an international market research consultancy.
  • The size of the organisations ranged from 10 to more than 5,000 employees, across all industries.
B

SoSafe platform data

  • 8.4 million simulated phishing emails from 3,000 customer organisations were analysed.
  • Exclusive insights into human risk levels and the success of different attack tactics were gathered.
C

Phish Test

  • Over 9,000 simulated emails were sent to users who signed up in 2022.
  • Participants were sent three simulated attacks over the course of a week.
  • The users had to identify these emails. If they clicked, they were forwarded to contextual learning resources.

Read the full report!

Including full-length expert interviews, exclusive social engineering and phishing data, and best practices for minimizing human risks.

Request a demo

Learn how our platform can help you empower your team to continuously avert cyber threats and keep your organization secure. Schedule a demo and one of our experts will contact you soon.

Compliance & security

ISO 27001
TISAX
GDPR

Industry recognition

G2 Europe Leader Winter 2025 G2 Leader Winter 2025 The Forrester Wave™ Strong Performer 2024: Human Risk Management Solutions

Experience our products first-hand

Use our online test environment to see how our platform can help you empower your team to continuously avert cyber threats and keep your organization secure.

G2 Europe Leader Winter 2025 G2 Leader Winter 2025 The Forrester Wave™ Strong Performer 2024: Human Risk Management Solutions
Products

Security Awareness Training

Create safer habits through personalized, gamified, and story-based cybersecurity awareness training.

Smart phishing simulations

Improve your employees’ threat reporting skills and accelerate threat detection.

Always-on human security copilot

Transform your workforce into a proactive defence line with our AI-powered conversational chatbot Sofie.

Proactive human risk management

Continuously monitor, measure, and mitigate human risk in real time with the Human Risk OS platform.

Discover our solutions
with our product tours

Human Risk OS Start virtual tour
Solutions

Become security compliant

Security compliance

Automate and accelerate time to compliance

Build a security culture

Security culture

Integrate secure behaviour into your organisation’s DNA

Discover our customer success stories

Customer stories Read now
Pricing
Company
Why SoSafe About SoSafe Contact
Contact Login
Languages