At this year’s Infosecurity Europe, the loudest alarm wasn’t about AI-powered cybercrime or nation-state hackers. According to a new report from KnowBe4, the global leader in human risk management, the biggest threat might be something far more mundane: distraction.
The report, Navigating Cyber Threats: Infosecurity Europe 2025 Findings, surveyed more than 100 cybersecurity professionals and uncovered a striking trend: while cyberattacks are getting more complex, employees are often tripped up not by bleeding-edge threats, but by everyday cognitive overload.
Key Findings: The Human Factor
- Distraction tops the list of weaknesses. 43% of respondents flagged it as the leading reason employees fall victim to attacks, edging out lack of awareness training (41%).
- Phishing remains public enemy #1. Nearly three-quarters (74%) said phishing is the most common threat vector, with executive impersonation still the go-to trick. AI-driven scams aren’t dominant yet—but security teams fear they soon will be.
- Budgets are rising—but not always aligned. 65% of organizations plan to increase cybersecurity spending, mostly on email security and training. Curiously, while 32% of pros see AI-based tools as the most impactful, only 26% prioritize them in budgets.
- AI tipping point looms. 60% expect a wave of AI-generated threats in the near future, while still grappling with current human vulnerabilities.
- Confidence paradox. Nearly 90% of respondents are confident in their ability to respond to attacks, even as breaches continue. That overconfidence, the report warns, could itself be a dangerous blind spot.
The Bigger Picture
If the results sound paradoxical—rising budgets, growing confidence, but the same old phishing headaches—that’s because they are. As Javvad Malik, KnowBe4’s cybersecurity awareness advocate, put it:
“Cyber risk is not just about advanced technology; it is about human bandwidth and the cognitive load of today’s fast-paced digital workplace… Overconfidence, a risk in itself, further underscores the need to validate defences and support employees in making secure decisions amidst distractions.”
Why It Matters
The findings echo a broader shift in security thinking: human risk is now as critical as technical defenses. While vendors race to build AI tools to detect AI threats, the simple reality is that distracted employees continue to click on phishing emails, reuse weak passwords, or miss security red flags.
For CISOs, the report is a reminder to balance shiny new tech investments with practical, people-first strategies. Awareness training, realistic phishing simulations, and “human bandwidth” management may not grab headlines, but they could stop the next breach.
The Takeaway
KnowBe4’s study suggests cybersecurity isn’t just an arms race against smarter malware—it’s a race to keep humans focused, informed, and supported. And as AI-driven attacks inevitably scale up, the line between human error and organizational resilience will only get sharper.