#United States #Austin #Cybersecurity #human risk management #Living Security

New Insights into Employee Cybersecurity Behavior

Overview

In a pioneering new report titled "2025 State of Human Cyber Risk," Living Security has unveiled startling findings that reveal a mere 10% of employees are accountable for approximately 73% of all risky behaviors related to cybersecurity. This data originated from extensive behavioral studies conducted by the Cyentia Institute, which analyzed interactions across over 100 enterprises, totaling hundreds of millions of user events. The implications of these findings are profound, indicating that organizations must reconsider their cybersecurity strategies focusing more on human behavior rather than solely on systems.

Key Findings

The report diverges from the conventional understanding of cybersecurity risks by offering a detailed examination of the concentration of human risk within organizations. Here are some critical insights:

• - Concentration of Risk: The report confirms that a very small fraction of employees engage in the majority of risky behaviors, with just 10% driving a staggering 73% of all risk.
• - Visibility Issues: Organizations that depend entirely on Security Awareness Training (SAT) are often left in the dark, with visibility into only 12% of risky behaviors. In stark contrast, mature Human Risk Management (HRM) programs can see almost five times that figure.
• - Misconceptions About Risk: Traditionally, it was believed that remote or part-time employees posed higher risks. However, the report reveals these workers engage in less risky behavior than their in-office counterparts.
• - Success of HRM Initiatives: Companies utilizing Living Security’s Unify platform have successfully decreased their population of risky users by 50% and cut down the duration of high-risk behavior by 60%.

Importance of Moving from Awareness to Action

Unlike traditional reports that focus on external threats or compliance issues, the findings emphasize the necessity of addressing internal human risk behaviors. The report meticulously details:

• - What constitutes human risk, breaking it down by behavior, events, and attributes.
• - An analysis of risk distribution among various roles, industries, and access levels.
• - Persona-based insights aligned with behavioral models.
• - Evidence that HRM actions, particularly behavior-triggered interventions, can significantly mitigate organizational risk exposure.

A Call to Action for Cybersecurity Leaders

In light of tightening budgets and evolving threats, the report sends a clear message: cybersecurity strategies must evolve beyond awareness campaigns. As Ashley Rose, CEO and Co-founder of Living Security, articulates, "Cybersecurity transcends technology; it's fundamentally about behavior. If we fail to identify our high-risk users and understand why they are at risk, we will only continue to address surface symptoms instead of fundamental issues."

What Lies Ahead

These findings emerge at a critical juncture as AI agents and digital co-workers integrate into workplaces, increasing the attack surface significantly. As leaders in Human Risk Management, Living Security underscores the importance of understanding that cyber resilience entails managing behavioral risk in addition to human risk. The study acts as a meaningful benchmark of progress made in addressing human-centric risks while hinting at the evolution of security approaches for the future, where managing human and AI behaviors in tandem becomes essential.

About the Report

The "2025 State of Human Cyber Risk Report" is the result of collaboration between Living Security and the Cyentia Institute, informed by anonymized data accumulated via Living Security's Unify platform over several years. It reflects millions of real-world user interactions, designed to provide comprehensive insights into human risk dynamics and effective mitigation strategies.

Interested readers can access the complete report at Living Security or participate in a live webinar discussion featuring insights from the Cyentia research team and CEO Ashley Rose that will take place on July 23 at 3 PM ET / 12 PM PT.

Conclusion

Ultimately, as organizations navigate the complexities of cybersecurity in an increasingly digital world, understanding the interplay between human behavior and risk is paramount. As this report compellingly illustrates, investing in human risk management not only enhances cybersecurity but fortifies the very culture of organizational safety. The future of cyber safety hinges on how well businesses can adapt their strategies to this understanding.