Date: 2025-07-16

Have you ever clicked on a phishing link at work? If so, you’re likely to make further cybersecurity mistakes, and your employer should make “right interventions.” New data reveals that just a small fraction of employees are responsible for the majority of risky cybersecurity behavior.

According to a report by Living Security, a human risk management platform, just 10% of employees will drive almost three-quarters (73%) of cyber risks.

The firm draws data from more than 100 enterprises and hundreds of millions of user events.

“Security teams have always known the human factor plays a critical role in breaches, but they've lacked the visibility to act on it,” Ashley Rose, CEO and Co-founder of Living Security, said in a press release.

“Cybersecurity is no longer just about technology, it's about behavior.”

The World Economic Forum previously estimated that 95% of all cybersecurity issues can be traced to human error.

Living Security details that companies with the “right interventions” can reduce their risky user population by 50% and the duration of high-risk behaviors by 60%. The firm is offering its platform as a risk assessment and targeted training tool, focusing on education and improvement.

“It's clear that protecting the enterprise in 2025 means managing people, not just systems,” the firm said, suggesting that data-driven action plans would cut the population of risky users.

Very few employees generate more than 1% of their organization’s security alerts. That means there’s no single person “who can be reformed or removed to solve” the human risk problem.

That 10 percent of employees will cause over 75% of data loss incidents, over 65% of malware threats, and over 50% of incidents related to phishing, email, identity, and access.

The report, conducted by Cyentia Institute, also found that, contrary to popular belief, remote and part-time workers are actually less risky than their in-office peers.

“Contractors and remote employees, often viewed as a security liability, are actually less risky and more vigilant than the overall average (which is indicated by the gray diamond). In the case of contractors, their tendency toward lawful vigilance may stem from policies such as requiring MFA for all access and mandatory training to maintain active status,” the report reads.

Four out of five employees also actually help reduce risks more than they add to them.