SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Realistic office worker distracted phone warning cyber threat vulnerability
#
Email Security
#
Breach Prevention
#
Risk & Compliance

Employee distraction now biggest cyber risk, research shows

Wed, 27th Aug 2025
Author image
By Jed Nykolle Harme, Editor

New research from KnowBe4 highlights that employee distraction, rather than the sophistication of cyber threats, is currently the leading cybersecurity risk for organisations.

The report, titled Navigating Cyber Threats: Infosecurity Europe 2025 Findings, is based on a survey of more than 100 security professionals and examines the most significant concerns facing organisations in the cybersecurity arena. The survey sought to identify the prevailing vulnerabilities that make organisations susceptible to cyber attacks and explored the perceived effectiveness of current countermeasures.

Distraction over sophistication

The findings reveal that distraction among staff members was cited by 43% of respondents as a primary reason for falling victim to cyberattacks. This narrowly exceeds the 41% who identified a lack of security awareness training as a key vulnerability. Notably, these human factors were considered more consequential than the inherent sophistication of external threats.

Phishing attacks, often targeting distracted or unaware employees, were named by 74% of participants as the leading threat, with impersonation of executives or trusted colleagues being the most prevalent method used by attackers. Despite the growing discussions about the potential for artificial intelligence to boost the effectiveness of hacking tactics, AI-generated threats have not yet become dominant. However, a majority of respondents reported rising concern over their future impact.

Budget increases but misalignment

In response to these risks, a significant proportion of surveyed organisations - 65% - plan to increase their cybersecurity budgets. The main priority areas for investment are email security and security awareness training. However, the report identifies a disconnect between the perceived benefits of AI-based cybersecurity tools and the level of funding allocated to them. While 32% of security professionals believed AI-based tools would have the greatest impact, only 26% listed these tools as a funding priority.

There is a prevailing sentiment that organisations are preparing themselves for an anticipated rise in AI-generated threats. Sixty percent of organisations stated they fear this development, yet their immediate efforts remain focused on tackling existing risks associated with employee distraction and insufficient training.

Confidence paradox

The research also uncovers what it terms a "confidence paradox" within organisations. Nearly 90% of respondents expressed confidence in their ability to respond effectively to cyberattacks. However, this optimism appears at odds with ongoing breach frequency and reported weaknesses, raising concerns about potential complacency.

"Cyber risk is not just about advanced technology; it is about human bandwidth and the cognitive load of today's fast-paced digital workplace. The findings highlight that bridging the gap between perceived value and investment in integrated human risk management is crucial. Overconfidence, a risk in itself, further underscores the need to validate defences and support employees in making secure decisions amidst distractions, especially as we prepare for the rising tide of AI-generated threats," said Javvad Malik, lead cybersecurity awareness advocate at KnowBe4. 

The report points to several recommendations for organisations aiming to close the gap between cyber threats and their defences. It suggests practical steps for embracing a human risk management approach, enhancing foundational security measures and building resilience at the organisational level. This guidance is designed to help organisations better navigate both current human vulnerabilities and the evolving landscape of emerging, technology-driven threats.

Phishing, as the most commonly cited risk, highlights the ongoing need for vigilance and up-to-date training among employees. The disconnect between confidence and preparedness in many organisations is considered an area requiring ongoing attention, particularly as new risks associated with AI continue to emerge.

Related stories
Exclusive, Extreme deepen UK & Ireland networking ties
Xiid & Cytex link AI governance with zero trust access
ConnectWise names Johannes Kamleitner EMEA go to market SVP
Sue Ryder to roll out AI scribe across UK hospices
UK CIOs struggle to govern surge in business AI agents

Top stories

Active exploitation seen in BeyondTrust access flaw
OpenAI unveils Lockdown Mode to counter prompt attacks
Check Point unveils four-pillar AI security strategy
AI drives shift to persistent, low‑level cyber conflict
UK IT departments most confident on AI future-readiness