Mimecast has released its 9th annual State of Human Risk report, drawing on an in-depth global survey of 1,100 IT security and decision-makers, including representatives from South Africa’s private sector.
The report highlights key insights into the human risk landscape and provides actionable recommendations to help organizations strengthen their cybersecurity posture while optimizing budgets.
The Complexity of the Cyber Threat Landscape
The report reveals that 62% of respondents believe a formal cybersecurity strategy has significantly reduced their organization’s risk. Despite this, security leaders continue to grapple with an increasingly complex and evolving threat landscape. The State of Human Risk 2025 report outlines several key findings:
AI: A Double-Edged Sword
Artificial Intelligence (AI) is seen as both a threat and an opportunity:
– Only 50% of organizations currently utilize AI for defending against attacks and insider threats.
– However, 83% of respondents express concerns about sensitive data leaks via GenAI tools.
– Just over half of respondents (55%) report having strategies in place to address AI-driven threats.
As a retail IT head noted during the survey, “You can’t stand there trying to put your finger in the hole of a dam. You’ve got to embrace [AI].” Similarly, an IT director at a utilities company emphasized the need to stay ahead: “I think AI will evolve quickly, and we’ll have to embrace it quickly as well.”
The Cost of Insider Threats
Mitigating insider risks, whether intentional or accidental, is a pressing challenge:
– South African respondents reported an average of 25 insider-driven incidents involving data exposure, loss, or theft each month.
– These events come at a high price, with the average cost per incident reaching $14.2 million.
Budget Challenges in Cybersecurity
While 86% of organizations have increased their cybersecurity budgets over the last year, funding remains insufficient to meet growing demands.
Organizations need additional budget for areas like cybersecurity staffing and third-party services (67%), email security (52%), and collaboration tool security (47%).
The 2024 Verizon Data Breach Investigations Report highlights that 68% of breaches involve non-malicious human error, suggesting organizations need to adopt a more human-centric approach to managing cyber risk.
Human Error and Training Gaps
Regular employee training is common, with 86% of organizations conducting training at least monthly (38%), quarterly (29%), or continuously (19%).
Yet, challenges persist:
– 43% of respondents say employees lack security awareness;
– 28% cite employee fatigue as a significant factor contributing to security lapses.
As an insurance CIO explained, “Accidental breaches occur when employees inadvertently compromise systems through misaddressed emails or failure to follow protocols. These errors, while unintentional, carry serious consequences.”
Collaboration Tools: A Growing Attack Surface
Collaboration tools have become a significant risk factor:
– 57% of respondents believe it is likely or inevitable their organization will experience a negative impact from collaboration tool-related attacks in 2025.
Addressing the Future of Cybersecurity
“AI is reshaping cybersecurity at an unprecedented pace, acting as both a powerful defense tool and an evolving threat. Over the past year, while half of organizations have adopted AI for threat detection and real-time monitoring, cybercriminals have also harnessed it to execute increasingly sophisticated attacks,” says Brian Pinnock, Vice President of Sales Engineering at Mimecast.
“Security leaders now face mounting challenges, from insider threats and expanding attack surfaces in collaboration tools to AI-powered cyberattacks. While proactive measures are essential, effectively managing human risk, implementing tailored employee training, and strengthening defenses against business email compromise (BEC) remain critical. At Mimecast, our AI-powered, API-enabled human risk management platform is purpose-built to protect organizations from today’s threats and those on the horizon.
“As AI continues to shape the cybersecurity landscape, organizations must strike a balance by leveraging AI for defense while remaining vigilant against its risks.”