Adversaries with ominous names like Volt Typhoon and Dark Scorpius dominate cybersecurity discussions, yet one critical threat is often overlooked: the everyday behaviors of people within organizations. Protect your organization in 2025 with the insights from our report with Mimecast, which challenges this oversight by examining human risk in detail: exposing how it manifests, identifying those most responsible, and providing actionable steps to mitigate it. Drawing on Mimecast’s extensive telemetry data and Cyentia’s analytical expertise, the report sheds light on behaviors that increase exposure to phishing, malware, and other cyber threats.
The findings reveal that nearly half of employees engage in at least one form of risky behavior, such as clicking phishing links, downloading malware, or violating browsing policies.
Despite this widespread occurrence, the report highlights a critical concentration of risk within a small group of individuals, with just five percent of employees responsible for the majority of risky actions.
These patterns underscore the importance of targeted interventions. The analysis also explores the effectiveness of simulated phishing campaigns, revealing that click rates for these exercises are often higher than those for real phishing attempts. This discrepancy raises important questions about the calibration of simulations and their role in preparing employees for real-world threats.
Malware events, while less frequent than phishing incidents, present another persistent challenge. The report finds that although only two percent of employees encountered malware during the analysis period, some individuals repeatedly triggered events, with one in seven responsible for ten or more malware encounters. This pattern of repetition underscores the critical need for tailored training and intervention.
Browsing policy violations emerge as a more common but less direct risk factor, with over a third of employees accessing sites that increase exposure to scams or malicious software. These behaviors, while not immediately harmful, highlight gaps in organizational policies and the importance of monitoring web activity.
Public-facing roles, such as executives, sales teams, and board members, face a particularly high volume of phishing attempts due to their increased visibility and influence. Interestingly, while these roles are frequently targeted, they often exhibit lower click rates than other employees, suggesting that their elevated risk stems more from exposure than from susceptibility. Managers, for example, are less likely to fall for phishing emails but remain high-risk due to the sheer volume of attempts directed at them. The report also examines tenure-related trends, revealing that newer employees are more likely to click on phishing emails, while those with longer tenures face greater exposure as their contact information circulates more widely over time.
This report doesn’t merely highlight vulnerabilities; it offers a path forward. Addressing human risk requires a proactive, behavior-focused approach to cybersecurity. Rather than relying solely on broad awareness campaigns, organizations must implement targeted interventions tailored to individuals prone to risky behavior. Advanced analytics can help identify these employees, enabling security teams to deploy personalized training and real-time interventions. For high-risk roles, additional layers of protection, such as monitoring and reduced public exposure, can significantly mitigate threats. Mimecast’s AI-powered Human Risk Management platform exemplifies the kind of integrated, human-centric strategy necessary to address these challenges.
Ultimately, cybersecurity begins and ends with people. By understanding and addressing the behaviors that expose organizations to risk, leaders can build stronger defenses and foster a culture of security awareness. The insights from this report provide a vital resource for navigating the complexities of human risk, offering a clearer path toward a more resilient cybersecurity posture. To dive deeper into these findings and learn how to strengthen your defenses, download the full report here.