The State of Human Risk 2025
Security leaders have evolved
Key Points
- Human Risk - Security leaders have evolved their strategy in the past year to better address human risk, but it remains their biggest challenge.
- Email & Collaboration Security - Email remains the most exploited entry point for attackers and collaboration tools are still a growing attack surface.
- Generative AI - Security tools that use AI are successfully combating threats, but Generative AI is also still helping threat actors launch attacks.
Human risk has surpassed technology gaps as the biggest cybersecurity challenge for organizations around the globe as demonstrated in the findings of our SOHR 2025 Report. Based on interviews with 1,100 IT security and IT decision makers, we discovered that despite having spent billions to strengthen technology stacks, breaches continue unabated, mostly due to human error. In fact, insider threats, credential misuse, and human missteps now account for most security incidents.
95% of all data breaches are caused by human error
Solving the challenge of human risk requires a dedicated approach to identifying, assessing, and mitigating these risks tailored to each user.
79% agree the use of collaboration tools poses new threats
and 95% expect to see email security challenges in 2025, demonstrating the continued need for strong email and collaboration took security.
81% are concerned about GenAI leading to sensitive data leaks
and 55% are NOT fully prepared with specific strategies for AI-driven threats, demonstrating the continued need for organizations to implement their own AI-based platforms.
“Accidental breaches occur when employees inadvertently compromise sensitive systems through misaddressed emails or failure to follow data disposal protocols. These errors, while unintentional, carry serious consequences.”
CIO, Insurance Industry
More Key Topics
In addition to the stats above, the report addresses key topics from cybersecurity professionals working tirelessly to protect their organizations.
Security Budgets
Over half of the organizations surveyed say additional budget is required for cybersecurity staffing (57%), third-party services (57%), and collaboration tool security (52%). Also, 47% say additional budget is still needed for email security.
Email & Collaboration
Most organizations (96%) say formal security strategy has improved their cybersecurity risk level, but 61% say that it is inevitable or likely that their organization will suffer a negative business impact from an attack linked to a collaboration tool in 2025.
Data Loss and Insider Risk
An insider-driven data exposure, loss, leak, and theft event would cost respondents’ organizations an average of $13.9 million, and 66% are concerned that data loss from insiders will increase at their organization in 2025.
Artificial Intelligence
Most organizations (95%) are using AI to help defend against cybersecurity attacks and/or insider threats, including threat detection and real-time monitoring (46%), endpoint protection (46%), and behavioral or sentiment insider threat analysis (43%).
Security Awareness
Security awareness training has helped employees spot cyberattacks at most organizations (87%), but 66% are still concerned that data loss from insiders will increase in 2025, and 33% still fear human error in handling of email threats.
Human Risk Management
Just 8% of employees account for 80% of incidents. Human Risk Management solutions aim to balance innovation and productivity with better prevention strategies, rather than relying solely on post-incident remediation. This shift recognizes that security awareness alone is not enough and that organizations need a Human Risk Management platform to address the issue.