KnowBe4
Reports
All Statistics
93% of cybersecurity leaders reported incidents caused by cybercriminals exploiting employees.
Email-related incidents increased by 57%.
90% of organizations experienced incidents caused by employee mistakes.
97% of cybersecurity leaders feel the need for increased budget allocations to bolster the security of the human element.
Incidents relating to the human element surged by 90%.
AI applications experienced a 43% increase in security incidents over the past 12 months, marking the second-largest increase across all channels.
45% of cybersecurity leaders cited constantly evolving AI threats as their greatest challenge when tackling behavioral risk.
64% of organizations fell victim to external attacks that exploited employees through email.
Malicious insiders accounted for incidents at 36% of organizations.
56% of employees are unhappy with their company's approach to AI tools, which can drive them toward unsanctioned platforms and create 'shadow AI' risks.
32% of organizations reported increased incidents related to deepfakes.
In 2025, cybercriminals increased their abuse of legitimate platforms like QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date.
In 2025, 77% of callback numbers used AI-generated voices, while 69% of vishing attacks were financially motivated, requesting bank detail changes, fraudulent refunds, or transfers.
Phone-based vishing attacks increased by 449% in 2025 compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails.
65% of organisations plan to increase cybersecurity budgets.
32% of respondents believe that AI-based cybersecurity tools have the greatest impact.
Nearly 90% of respondents express confidence in their ability to respond to cyberattacks.
43% of cybersecurity professionals identified distraction as a primary reason employees fall victim to cyberattacks.
26% of respondents indicated that AI-based cybersecurity tools are prioritised for funding.
74% of respondents stated that phishing is the leading threat, with impersonation of executives or trusted colleagues being the most common tactic.
60% of organisations fear the rise of AI-generated threats.
41% of cybersecurity professionals identified lack of security awareness training as a primary reason employees fall victim to cyberattacks.
68% of attacks originate from email.
Financial service firms globally experience up to 300 times more cyberattacks annually than other industries.
100% of Europe's top financial firms suffered supplier breaches.
A single day's disruption in payments by major banks could affect 38% of network banks globally.
Almost all (97%) of major U.S. banks experienced third-party breaches in 2024.
Targeted intrusions against financial institutions increased by 109% year-over-year.
Comprehensive security awareness training can reduce phishing susceptibility to below 5%.
There has been a 25% year-on-year increase in financial institution intrusion events for 2024.
Infostealer infection attempts increased 58% in 2024.
Analysis of over three million dark web posts shows stolen credentials far outpace credit card theft.
Initially, large financial institutions show 44.7% Phish-prone™ Percentage (PPP) rates, meaning nearly 45% of employees were susceptible to phishing attacks or likely to click on a malicious link or download an infected file.
The U.S. accounts for 60% of all ransomware attacks against financial institutions.
The U.S. and U.K. together represent over 70% of ransomware attacks.
80.6% of the top 20 clicked links originated from internally-themed simulations.
HR-related themes were cited in 42.5% of phishing failures.
71.9% of interactions with malicious landing pages involved branded content.
PDF attachment clicks in phishing simulations increased by 8.1% compared to Q1 2025.
Among internally-themed links, 68.2% utilised domain spoofing techniques.
Internal-themed topics accounted for 98.4% of the top 10 most-clicked email templates in the phishing simulations.
PDFs comprised the majority, 61.1%, of the top 20 attachments clicked in phishing simulations.
IT-related themes were cited in 21.5% of phishing failures.
Average ransom per attack on state, local, tribal, and territorial (SLTT) governments reached $872,656 between 2018 and December 2024, with total costs exceeding $1.09 billion.
70% of surveyed state, local, tribal, and territorial (SLTT) organizations cite lack of sufficient funding as their top security concern.