A recent report by KnowBe4 found that cybersecurity incidents relating to human elements surged by 90% in 2025. Examples of ways these incidents can occur include social engineering attacks such as phishing or Business Email Compromise (BEC), risky or malicious behavior, and human error.  

According to the report, 93% of surveyed leaders reported incidents caused by cybercriminals exploiting employees. A 57% increase in email-related incidents means email remains the primary battleground. The report also found that 64% of organizations fell victim to external attacks that exploited employees through email. 

Human error persists as a critical vulnerability, according to the report, as 90% of organizations experience incidents caused by employee mistakes. Additionally, malicious insiders continue to threaten from within, accounting for incidents at 36% of organizations. A majority (97%) of cybersecurity leaders feel the need for increased budget allocations to bolster the security of the human element. 

AI applications saw a 43% increase in security incidents over the past 12 months, the second-largest increase across all channels. Despite 98% taking steps to address AI-related risks, the report found that cybersecurity leaders rank AI-powered threats as their top security risk, with 45% citing constantly evolving AI threats as their greatest challenge when tackling behavioral risk. 

The report found that 32% of organizations reported increased incidents related to deepfakes. While 98% of organizations have taken steps to address AI-related cybersecurity risks, 56% of employees are unhappy with their company's approach to AI tools, which can drive them toward unsanctioned platforms and creating “shadow AI” risks.  

Download the report.