Human Risk

Cybercrime is the no. 1 business risk – and employee behavior has a lot to do with decreasing that risk. Learn more in this report, featuring expert interviews and exclusive phishing data.

Download the report
Human Risk Review visual Background gradient

As seen in

The threat landscape is tense

Cybercrime today is highly professionalized – exploiting vulnerabilities on a large scale, employing innovative and sophisticated tactics, and posing immense challenges to businesses, governments, and individuals alike. And the situation isn’t likely to improve in the near future:

1 in 2

organizations experienced a successful cyberattack in the past 3 years.

of organizations don’t expect the situation to ease in the next year, either.

Top 3 tactics in successful attacks

Top 3 departments targeted

Meanwhile, cybercrime is booming

Various trends, including geopolitics, AI advancements, new work models, and IT staff shortages further worsen the cyberthreat landscape. As cybercriminals quickly adapt their tactics to these changes, many organizations struggle to minimize (human) cyber risks.

3 in 4

security professionals say their organization’s cyber risk has increased due to geopolitics, AI, and remote work.

8 in 10

say their organization’s security is increasingly dependent on the security of their partners and suppliers.

In case of a successful ransomware attack, more than a third of companies paid the ransom.

Among smaller companies, almost half were forced to pay.

More insights waiting for you

  • 9 in-depth conversations with security leaders, full of industry insights and strategies
  • An expert survey on the current state of cyber security in Europe – and best practices for minimizing human risks
  • Detailed social engineering analyses, providing a look into cybercriminals’ most successful tactics

80% of security experts see social engineering and phishing as major risks to their organization

1 in 3

users click on harmful content in phishing emails, and out of these…

1 in 2

proceed to enter sensitive information.

Digital natives are

more likely to click on phishing emails than older users.

Are companies prepared?

Security experts have realized that technology alone is not enough to protect their organizations. As employees remain susceptible to social engineering attacks and risky security practices, organizations are prioritizing building strong security cultures.

Top 3 priorities for security professionals:

9 in 10 organizations plan to maintain or increase their awareness measures in the upcoming year.

The biggest levers for greater security awareness impact, according to security professionals:

Our data

Methodology and data sources


Survey among security professionals

  • More than 1,000 security professionals from 6 European countries were surveyed in 2023.
  • In collaboration with Censuswide, an international market research consultancy.
  • The size of the organizations ranged from 10 to more than 5,000 employees, across all industries.

SoSafe platform data

  • 8.4 million simulated phishing emails from 3,000 customer organizations were analyzed.
  • Exclusive insights into human risk levels and the success of different attack tactics were gathered.

Phish Test

  • Over 9,000 simulated emails were sent to users who signed up in 2022.
  • Participants were sent three simulated attacks over the course of a week.
  • The users had to identify these emails. If they clicked, they were forwarded to contextual learning resources.

Read the full report!

Including full-length expert interviews, exclusive social engineering and phishing data, and best practices for minimizing human risks.