
Human risk has become the #1 cybersecurity challenge for organizations today. Insider threats, credential misuse, and simple user mistakes are now responsible for the majority of security incidents — creating massive financial exposure.
A recent report by KnowBe4 revealed that cybersecurity incidents involving human risk surged by 90% in 2025. These incidents often stem from social engineering attacks such as phishing and Business Email Compromise (BEC), as well as risky or malicious behavior and simple human error.
According to the report, 93% of surveyed leaders experienced incidents caused by cybercriminals exploiting employees. Email continues to be the primary attack vector, with email-related incidents rising by 57%. In fact, 64% of organizations reported external attacks that targeted employees through email.
Human Risk is the most significant vulnerability
Human risk remains one of the most significant vulnerabilities. The report found that 90% of organizations experienced security incidents caused by employee mistakes. At the same time, malicious insiders remain a concern, contributing to incidents in 36% of organizations. As a result, 97% of cybersecurity leaders say increased budget allocations are needed to better protect the human element of security.
The report also highlights the growing impact of artificial intelligence on cybersecurity. AI-related security incidents increased by 43% over the past year, marking the second-largest rise across all threat channels. Although 98% of organizations have implemented measures to address AI risks, cybersecurity leaders still rank AI-powered threats as their top concern, with 45% citing constantly evolving AI threats as their biggest challenge in managing behavioral human risk.
Additionally, 32% of organizations reported a rise in incidents involving deepfakes. While most companies are taking steps to mitigate AI-related risks, 56% of employees are dissatisfied with their organization’s approach to AI tools. This dissatisfaction can push employees to use unauthorized platforms, creating “shadow AI” risks that further complicate cybersecurity efforts.
According to the SOHR 2026 Report, based on a survey of 2,500 IT and security leaders across nine countries:
• Human-driven incidents dominate breaches. Insider threats and user errors now cause most security events, with an average cost of $13.1M per incident. Organizations report about six insider-related incidents per month, creating nearly $943M in potential annual exposure.
• Awareness isn’t translating into action. While 96% of organizations acknowledge gaps in protection and 91% struggle with compliance, only 28% implement both regular security awareness training and continuous monitoring.
• AI-powered threats are rising rapidly. About 69% of security leaders expect AI-driven cyberattacks within the next year, yet only 40% feel fully prepared.
• Collaboration and email risks remain high.
– 71% expect business disruption from collaboration tool attacks in 2026
– 96% anticipate ongoing email security challenges
• Data leaks via generative AI are a growing concern.
– 80% worry about sensitive information leaking through AI tools
– 60% say their organizations are not fully prepared for AI-related threats
The takeaway: Technology alone isn’t enough. Organizations must adopt a human-risk management strategy that includes user-focused training, continuous monitoring, and AI-aware security policies.
Protecting your business today means addressing the human factor in cybersecurity.
Four types of risk in insurance
The four main types of risks in general business/enterprise risk management, often relevant to insurance, are:
- Strategic risks
- Operational risks
- Financial risks
- Compliance risks
Some sources instead classify risks as pure vs. speculative, or focus on specific insurable areas like property, liability, health, and income loss. Pure risks (insurable) involve only loss, while speculative risks (not insurable) offer potential gain or loss, like gambling.
Cyber insurance coverage can safeguard your company against the devastating financial consequences of a cyber attack. Weinsurexyz offers customized Cyber Liability Insurance solutions depending on your business’s level of risk.
Cyber liability insurance policies generally cover lawsuits alleging that your firm is liable for denial-of-service attacks or a client’s inability to access a website or system, as well as disclosure of the client’s confidential information, malicious or accidental loss of digital assets or data, data tampering, unauthorized access to or use of data, introduction of viruses or malicious code, terrorism threats, cyber extortion, and certain other situations. These policies may also cover expenses associated with restoring data or systems, crisis management and public relations, regulatory action, notification, legal defense, and business interruption.
Request a free quote. We will respond within 24 hours during the week and can begin your coverage that same day. If you are unsure as to what insurance is best for your tech business needs, our licensed insurance agents can help. We’re open Monday to Friday from 9:00 a.m. to 5:00 p.m. Eastern Time. You may reach us at (888)-540-7374.










