New data puts the spotlight on the human factor in U.K. cyber attacks, where users continue to be susceptible to social engineering, creating the so-called “Human Risk.”
Here at KnowBe4, we’re obviously big believers in the fact that users are a source of risk when it comes to organizational security. Cybersecurity vendor SoSafe’s Human Risk Review 2023 report provides some independent perspective on this very problem. According to the report, one out of two U.K. organizations (or organisations for those of you in the U.K.) have fallen victim to a cyber attack, making it that much more important that every security gap that creates risk be addressed – and this includes users.
According to the report:
- 83% percent of the organizations see phishing and the emotional manipulation of people as a security risk
- 31% of users click on harmful links or attachments in phishing emails
- Employees are susceptible to social engineering tactics that trigger strong emotions, such as pressure (24%), authority (28%) or financial appeals (18%)
- 82% of organizations don’t expect the situation to ease in the next year
The reality for U.K businesses is that, if you’re not already concerned about the user as part of your cybersecurity strategy, it’s well-past time to do so. And the way to address the “human risk” is through continual Security Awareness Training to educate users and phishing testing to create a feedback look that identifies where your human risk continues to exist.