Human Risk and Overconfidence in Cybersecurity Posture
The Arctic Wolf 2025 Human Risk Behavior Snapshot: 2nd Edition highlights a significant disconnect between organizational confidence in cybersecurity and the reality of human-driven risk. The report, based on a survey of over 1,700 IT leaders and end users, reveals that 68% of organizations experienced a breach in the past year, marking an 8% increase from the previous year. Despite this rise in breaches, three-quarters of IT leaders maintain the belief that their organizations are safe from phishing attacks, a perception not supported by incident data. The FBI IC3 reported that over $6.3 billion was lost to business email compromise (BEC) scams in 2024, with Arctic Wolf researchers attributing 72.9% of BEC cases to phishing. This suggests that phishing remains a persistent and effective attack vector, undermining organizational defenses. The report underscores that human error and risky behaviors, such as clicking on malicious links, continue to be major contributors to security incidents. Nearly two-thirds of surveyed leaders admitted to clicking on a malicious link, and one in five of those who did so experienced a negative outcome. The findings indicate that investments in sophisticated technical defenses are being undermined by the unpredictable nature of human behavior. Leadership overconfidence is identified as a critical vulnerability, as it leads to underestimation of the threat posed by social engineering and phishing. The report calls for a reassessment of security strategies to address the human element, emphasizing the need for ongoing security awareness training and realistic risk assessments. The data suggests that without addressing human factors, organizations will continue to face a high likelihood of breaches. The report also highlights the importance of bridging the gap between perceived and actual security posture, advocating for a more holistic approach to risk management. The findings serve as a warning that technology alone is insufficient to protect against evolving threats. Organizations are urged to foster a culture of security mindfulness and to implement controls that account for human fallibility. The report concludes that addressing the human element is essential for reducing breach rates and improving overall cybersecurity resilience.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Coverage emphasizes phishing reporting lapses among IT leaders
Subsequent media coverage highlighted the report's finding that IT leaders themselves often fail to report phishing incidents promptly, underscoring a gap between confidence and actual security behavior. This was a reframing of the same survey findings rather than a new disclosure by Arctic Wolf.
Report highlights rise in self-reported breaches and risky user behavior
The 2025 report found that 68% of IT leaders said their organization suffered a breach in the past year, up 8% from 2024, with the sharpest increases in Australia, New Zealand, and the U.K. and Ireland. It also documented risky behaviors including clicking malicious links, underreporting incidents, incomplete MFA adoption, and entering confidential data into generative AI tools.
Arctic Wolf publishes 2025 Human Risk Behavior Snapshot
Arctic Wolf released its second annual Human Risk Behavior Snapshot, based on an independent survey of more than 1,700 IT leaders and end users worldwide. The report said human behavior remains a leading driver of breaches despite high confidence in phishing defenses and other controls.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Survey finds phishing reporting lapses among IT leaders
scworld.com
Open sourceThe Human Element: Navigating the Widening Gap Between Confidence and Reality in Cybersecurity
arcticwolf.com
Open sourceThe Human Element: Navigating the Widening Gap Between Confidence and Reality in Cybersecurity – Copy
arcticwolf.com
Open sourceHuman Risk Report Reveals Overconfidence in Phishing Defenses
techrepublic.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Human Element Risks and Defenses in Cybersecurity
Cybersecurity experts are increasingly emphasizing the critical role that human behavior plays in both enabling and defending against cyber threats. Despite significant advancements in technical security controls, attackers continue to exploit human vulnerabilities through tactics such as phishing and social engineering. These attacks often succeed by manipulating emotions like urgency, fear, and friendliness, which can lead employees to inadvertently compromise organizational security. Burnout among staff, overly complex security controls, and a lack of engagement further exacerbate these risks, making organizations more susceptible to breaches. Security leaders are recognizing that technology alone cannot address these challenges; instead, a holistic approach that integrates human factors is essential. Practical strategies for mitigating these risks include connecting security responsibilities to every role within the organization, ensuring that security training is both engaging and relevant, and designing controls that prioritize usability. By fostering a culture of security awareness and making employees active participants in defense, organizations can transform the human element from a liability into a competitive advantage. The relationship between humans and artificial intelligence (AI) is also emerging as a new frontier in cybersecurity, with the potential for both increased risk and enhanced defense. As AI systems become more integrated into business processes, securing the interactions between humans and AI becomes paramount. This includes ensuring that AI-driven tools are not only technically robust but also that users understand their limitations and potential for misuse. Security awareness programs must evolve to address the unique challenges posed by AI, such as the risk of overreliance or manipulation of AI outputs. Organizations are encouraged to adopt a proactive stance, continuously assessing and adapting their human-centric security measures in response to evolving threats. The ultimate goal is to create an environment where employees are empowered to recognize and respond to threats effectively, supported by both technology and a strong security culture. By addressing the human factor comprehensively, organizations can significantly reduce the likelihood of successful cyberattacks. This approach requires ongoing commitment from leadership, investment in training, and a willingness to adapt security practices to the realities of human behavior. As the threat landscape evolves, the synergy between human awareness and technological controls will remain a cornerstone of effective cybersecurity defense.
Mar 21, 2026
Persistent Failures in Cybersecurity Awareness Training and Human-Centric Defenses
Despite years of investment in cybersecurity awareness campaigns and training, organizations continue to struggle with fundamental security issues such as poor password hygiene and susceptibility to phishing attacks. A recent discussion among cybersecurity journalists highlighted that nearly 30% of companies still rely on outdated password policies, while only a small fraction have adopted more secure passphrase approaches recommended by experts. The persistence of these problems underscores the limited effectiveness of current training programs, even as organizations face increasingly sophisticated threats targeting human vulnerabilities. The ongoing challenges are exacerbated by the shift to hybrid workforces, which has rendered traditional perimeter-based security models obsolete and increased the attack surface for social engineering and credential-based attacks. Security experts emphasize the need for organizations to move beyond checkbox training and adopt more robust identity and behavioral detection strategies, as threat actors like Scattered Spider exploit weaknesses in identity systems and cloud environments. The failure to address these human-centric risks leaves organizations exposed to both basic and advanced cyber threats, highlighting the urgent need for a strategic overhaul of security awareness and identity protection measures.
Mar 21, 2026
Evolving Cybersecurity Threats and Organizational Preparedness in 2025
Geopolitical instability, rapid technological advancement, and persistent skills shortages are fundamentally reshaping the cybersecurity landscape for organizations worldwide. According to a PwC report, 60% of executives now rank cyber risk investment among their top three strategic priorities, driven by concerns over political instability, trade disputes, and shifting alliances. Despite this heightened awareness, only about half of surveyed organizations feel very capable of withstanding cyberattacks on common vulnerabilities, and a mere 6% report preparedness across all vulnerabilities, highlighting significant exposure through legacy systems and complex supply chains. The financial impact of breaches remains severe, with over a quarter of respondents experiencing incidents costing at least $1 million in the past three years, disproportionately affecting large enterprises and technology-driven sectors. Spending on cybersecurity is increasing, with 78% of organizations expecting budget growth, yet only 24% are channeling more resources into proactive measures such as monitoring, testing, and training, indicating a continued reactive posture. The ENISA Threat Landscape 2025 report underscores the professionalization of cybercrime, the convergence of criminal and state-aligned actors, and the rise of hacktivist groups leveraging ransomware for both ideological and financial gain. Ransomware remains the most disruptive threat across the EU, with groups adopting decentralized operations, double- and triple-extortion tactics, and exploiting regulatory compliance fears to pressure victims. The proliferation of Ransomware-as-a-Service (RaaS), public leaks of builder tools, and the emergence of access brokers have lowered barriers to entry, fueling a diverse and persistent threat ecosystem. Weak authentication practices persist in many organizations, with passwords and SMS codes still dominant despite their vulnerability to phishing and credential theft. A significant portion of employees have never received cybersecurity training, and outdated policies further exacerbate risk, as personal and professional security habits often overlap, creating additional attack vectors. The adoption of stronger authentication methods, such as device-bound passkeys, remains limited, and resistance to multi-factor authentication is common due to perceived complexity. The use of AI in both attack and defense is accelerating, with AI-generated phishing campaigns and adaptive malware becoming more prevalent, while defenders also leverage AI for predictive threat detection. The overall picture is one of rising threat sophistication, uneven organizational preparedness, and a pressing need for sustained investment in proactive security measures, workforce training, and the adoption of advanced technologies to build resilience against an increasingly complex cyber threat landscape.
May 4, 2026