Human risk factors remain outside of cybersecurity pros’ control

Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast.

With new threats like AI and deepfake technology, the stakes are higher than ever to execute a strong cyber defense.

Human risk fuels majority of cyber breaches

Many human risk factors in particular — which represent today’s biggest cybersecurity gap — remain unaddressed and outside of cybersecurity professionals’ control. 74% of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

The concern is even greater for certain sectors, such as the public sector, where 87% of respondents worry that employee email and social media lapses will damage their institution.

Despite these fears, only slightly more than half of respondents say their organization provides monthly or ongoing cybersecurity awareness training, and this is down slightly from 2023 (52% versus 54%).

IT teams are proactively stepping up their defense strategies, especially as AI presents new challenges. The emergence of AI is accelerating the spread of phishing and ransomware by making it easier for threat actors to perpetrate successful attacks.

8 out of 10 respondents are concerned about new threats posed by AI and 67% say AI-driven attacks will soon become the norm. As companies prepare for new threats, they’re viewing cyber risks as a bigger business problem, not just an IT problem.

Email remains the primary attack vector for cyber threats like phishing, spoofing, and ransomware, but collaboration tools pose new and dangerous points of entry for bad actors. 70% expect collaboration tools to pose new threats, and 69% believe it is likely that their company will be harmed by a collaboration tool-based attack.

Data breach costs soar

Worldwide, the average cost of a data breach is now $4.45 million, up 15% over three years. For US companies, the average is more than twice that at $9.48 million per breach. Globally, in 2023, the number of stolen electronic records was just shy of 6 billion.

A lack of resources is part of the problem. In a positive development, 97% of respondents say their boards and senior managers support their cybersecurity efforts, and 57% characterize the level of that support as high. Yet at the same time, many respondents feel their efforts are undercut by inadequate budgets and limitations on how those monies can be spent.

As they have stepped up their cyber preparedness efforts, businesses have become less dependent on their cyber insurance policies. By no means are companies dropping their insurance: 95% of respondents have at least one policy and 45% have more than one. They are becoming much less likely to treat these policies as a subsitute for a culture of cyber resilience.

Nine out of 10 companies now have a formal cybersecurity strategy in place, and 96% of them agree that it has strengthened their ability to protect their people, processes and technology.

“Emerging tools and technologies like AI and deepfakes, along with the proliferation of collaboration platforms are changing the way threat actors work; but people remain the biggest barrier to protecting companies from cyber threats,” said Marc van Zadelhoff, Mimecast CEO. “Cybersecurity and IT teams need to work with wider business leaders to prioritize understanding human risk. With the right tools and education, companies can better safeguard against threats and manage human risk.”