Human error was responsible for 95% of data breaches in 2024, driven by insider threats, credential misuse, and user mistakes. A small group of employees, just 8%, accounted for 80% of these incidents. High-profile breaches, such as the Change Healthcare ransomware attack, involved compromised employee credentials due to phishing emails, allowing attackers to access sensitive networks. The study revealed that 43% of organizations saw an increase in internal threats, with many expecting insider-related data loss to grow in the coming year. On average, these insider-driven incidents cost organizations $13.9 million.
Despite regular cybersecurity training, employees remain vulnerable to mistakes, particularly in handling email threats.
While 87% of companies train staff quarterly to spot cyber-attacks, 33% still worry about human errors in email handling. Additionally, 27% are concerned that employee fatigue is contributing to lapses in vigilance. This underscores the challenge organizations face in protecting themselves, despite efforts to raise awareness. The use of artificial intelligence (AI) is growing to combat these issues, with 95% of organizations employing AI tools for defense, although many still lack comprehensive strategies to address AI-driven threats.
Collaboration tools such as Microsoft Teams and Slack are emerging as significant cybersecurity risks.
These platforms are growing targets for attackers, with 44% of companies reporting an increase in related threats in the past year. As these tools expand the attack surface, 79% of organizations see them as posing new security vulnerabilities. Companies are taking steps to monitor collaboration tool security, with 53% already doing so. However, 61% of respondents believe a security incident involving these tools is inevitable, and they expect significant business impacts in the next year.
AI is also playing a critical role in both cyber threats and defense. Cybercriminals use generative AI to craft sophisticated phishing emails and deepfakes. Meanwhile, organizations are incorporating AI into their cybersecurity strategies, with 95% of respondents utilizing AI for threat detection. Many companies are developing internal AI tools and training staff on how to defend against AI-driven attacks. While AI offers advantages in protecting against security breaches, it also requires constant evaluation to ensure alignment with organizational needs and counteract evolving threats.
Reference:
