Cybercrime is the no. 1 business risk – and employee behavior has a lot to do with decreasing that risk. Learn more in this report, featuring expert interviews and exclusive phishing data.Download the report
Cybercrime today is highly professionalized – exploiting vulnerabilities on a large scale, employing innovative and sophisticated tactics, and posing immense challenges to businesses, governments, and individuals alike. And the situation isn’t likely to improve in the near future:
1 in 2
organizations experienced a successful cyberattack in the past 3 years.
of organizations don’t expect the situation to ease in the next year, either.
Top 3 tactics in successful attacks
Top 3 departments targeted
Various trends, including geopolitics, AI advancements, new work models, and IT staff shortages further worsen the cyberthreat landscape. As cybercriminals quickly adapt their tactics to these changes, many organizations struggle to minimize (human) cyber risks.
3 in 4
security professionals say their organization’s cyber risk has increased due to geopolitics, AI, and remote work.
8 in 10
say their organization’s security is increasingly dependent on the security of their partners and suppliers.
In case of a successful ransomware attack, more than a third of companies paid the ransom.
Among smaller companies, almost half were forced to pay.
Companies have invested more in technology than in people over the past 10 years. They’ve since come to understand that technology isn’t everything, and that social engineering is a real problem.
I often hear the old saying, ‘If it’s not broken, don’t fix it.’ But when an attack does happen, the consequences can be severe.
We shouldn’t only focus on the corporate level but also on other levels to increase security awareness in society, make people comprehend the threat situation, the need for cyber resiliency, and how to handle sensitive data. It should be a mandatory subject for everyone.
The number one challenge in the cyber security industry right now is burnout: There’s too much data, too many cases, and not enough time.
We’re receiving harmful emails more frequently, and each new wave is more intense than the last.
Everything that I can cover through employee awareness makes me more resilient as a company. I save on time, money, and stress, and avoid more risks.
Cyber awareness must become an integral part of everyday routine, just like fastening the seatbelt before driving.
Many users are less focused when working from home, and it’s a more relaxed environment. They mix a lot of personal activities into their workflow, resulting in inattentiveness.
Human behavior is always most easily detected by other people. If you rely 100% on technology and assume that it will catch everything, you’re making a big mistake.
Security experts have realized that technology alone is not enough to protect their organizations. As employees remain susceptible to social engineering attacks and risky security practices, organizations are prioritizing building strong security cultures.
Top 3 priorities for security professionals:
9 in 10 organizations plan to maintain or increase their awareness measures in the upcoming year.
The biggest levers for greater security awareness impact, according to security professionals:
Including full-length expert interviews, exclusive social engineering and phishing data, and best practices for minimizing human risks.