Cybercrime continues to grow at an alarming rate, and human behavior has emerged as one of its most significant enablers. A recent report compiled by cybersecurity awareness firm KnowBe4 highlights that employees themselves are increasingly becoming threat catalysts within organizations. Rather than being purely victims of cyberattacks, human actions—both intentional and unintentional—are now major contributors to data breaches, account compromises, and information leaks across corporate environments.
The report points out that email remains the most widely used medium for deceiving employees. Phishing emails, malicious attachments, and fraudulent links continue to exploit human trust and lack of awareness. Closely following email are messaging platforms such as Slack, Microsoft Teams, and WhatsApp, which cybercriminals now actively misuse to spread malware, conduct social engineering attacks, and impersonate trusted colleagues. Social media platforms rank third as channels for cyber fraud, with smishing (SMS-based phishing) also contributing significantly to the growing threat landscape.
KnowBe4’s The State of Human Risk 2025 report emphasizes that insider threats pose a substantial risk that is often underestimated by cybersecurity leaders. According to the findings, nearly 43% of recorded incidents in the past year occurred due to sensitive data being leaked or sold to competitors. A notable number of breaches also took place when new employees mishandled information, highlighting the risks associated with onboarding phases where security awareness may still be limited.
The report further explains that simple human errors frequently lead to serious security breaches. Actions such as storing sensitive information on unsecured servers like FTP, sending emails to incorrect recipients, or failing to follow proper data-handling procedures have resulted in confidential data being exposed to hackers or traded on the dark web. These mistakes, while seemingly minor, can have severe consequences for organizations.
In many cases, employees believe that cybersecurity is solely the responsibility of IT or security teams. This misconception significantly increases organizational risk. In reality, cybersecurity is a shared responsibility. Every employee plays a role in protecting data, whether it is during storage, transmission, or daily usage. Negligence or lack of caution—regardless of whether the organization is public or private—can expose systems to serious vulnerabilities.
KnowBe4 security report also notes that a well-designed Human Risk Management program can provide up to 71% visibility into employee risk profiles. However, despite recognizing the importance of addressing human risk, 97% of security leaders admit that budget constraints continue to limit their ability to effectively manage and mitigate these risks. This gap underscores the urgent need for organizations to prioritize cybersecurity awareness, training, and cultural accountability to combat the growing threat of human-driven cybercrime.
Join our LinkedIn group Information Security Community!
