KnowBe4 Research Reveals 96% of Organizations Struggle to Secure the Human Element as AI Transforms the NexGen Workforce

News provided by

Dec 10, 2025, 08:00 ET

State of Human Risk 2025 Report Shows Increase in Both Human-Related Security Incidents and AI Application Breaches

TAMPA, Fla., Dec. 10, 2025 /PRNewswire/ -- KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, has today released a new report: 'The State of Human Risk 2025: The New Paradigm of Securing People in the AI Era'. The report reveals that security leaders are facing increased pressure in managing behavioral cybersecurity risk as the workforce transforms to include AI.

The comprehensive study of 700 cybersecurity leaders and 3,500 employees, which polled those who had experienced a security incident involving employees in the past year, found that incidents relating to the human element surged by 90%. Examples of ways these incidents can occur include social engineering attacks such as phishing or Business Email Compromise (BEC), risky or malicious behavior, and human error.

The report reveals a complex risk landscape where organizations must defend against both established and emerging attack vectors:

93% of surveyed leaders reported incidents caused by cybercriminals exploiting employees.
A 57% increase in email-related incidents, means email remains the primary battleground.
64% of organizations fell victim to external attacks that exploited employees through email.
Human error persists as a critical vulnerability, as 90% of organizations experience incidents caused by employee mistakes.
Malicious insiders continue to threaten from within, accounting for incidents at 36% of organizations.
A vast majority (97%) of cybersecurity leaders feel the need for increased budget allocations to bolster the security of the human element.

As AI tools rapidly integrate into daily workflows, they have become both a productivity driver and a significant security concern:

AI applications saw a 43% increase in security incidents over the past 12 months, the second-largest increase across all channels.
Despite 98% taking steps to address AI-related risks, cybersecurity leaders rank AI-powered threats as their top security risk, with 45% citing constantly evolving AI threats as their greatest challenge when tackling behavioral risk.
32% of organizations reported increased incidents related to deepfakes.
While 98% of organizations have taken steps to address AI-related cybersecurity risks, 56% of employees are unhappy with their company's approach to AI tools, which can drive them toward unsanctioned platforms and creating 'shadow AI' risks.

The research predicts that email will remain the most at-risk channel for several more years. However, the rise of multi-channel attacks across messaging applications and voice phishing (vishing), combined with cybercriminals exploiting AI tools to create more sophisticated attacks at scale, means organizations must adapt quickly or remain exposed.

"The productivity gains from AI are too great to ignore, so the future of work requires seamless collaboration between humans and AI," says Javvad Malik, lead CISO advisor at KnowBe4. "Employees and AI agents will need to work in harmony, supported by a security program that proactively manages the risk of both. Human risk management must evolve to cover the AI layer before critical business activity migrates onto unmonitored, high-risk platforms."

For further insights and recommendations, access 'The State of Human Risk 2025: The New Paradigm of Securing People in the AI Era'.

Methodology
The data in this report is compiled from an independent survey conducted by Arlington Research of 700 global cybersecurity leaders and 3,500 global employees with no direct responsibility for cybersecurity. The research included respondents from Argentina, Australia, Brazil, DACH, Denmark, France, India, Japan, Mexico, New Zealand, South Africa, Sweden, UK&ROI and USA, and across the financial services (including banking, investment, insurance), manufacturing, healthcare, retail, transport & logistics, information technology, education & social services, governmental agency or provider, telecommunications, critical infrastructure / energy / oil & gas, wholesale, hospitality and travel & tourism sectors.

About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 builds security culture and helps teams manage both human and agent risk. The company delivers a comprehensive, agentic best-of-suite platform for Human Risk Management, creating an adaptive defense layer that reinforces secure behavior against evolving cybersecurity threats. The HRM+ platform includes awareness training, integrated cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As AI becomes increasingly embedded in business operations, KnowBe4 prepares the modern workforce by training both humans and AI agents to recognize and respond to security risks. Through this unified approach, KnowBe4 leads workforce trust management and defense strategies. More info at knowbe4.com.

Follow KnowBe4 on LinkedIn and X.

Media Contact
Amanda Tarantino
Head of Public Relations, Americas
KnowBe4
[email protected]

SOURCE KnowBe4 Inc.