New Data Reveals Just 10% of Employees Drive 73% of Cyber Risk
Living Security, the global leader in Human Risk Management
(HRM), today released the 2025 State of Human Cyber Risk Report, an independent
study conducted by leading research firm Cyentia Institute. The report provides
an unprecedented look at behavioral risk inside organizations and reveals how
strategic HRM programs can reduce that risk 60% faster than traditional
methods.
Drawing on behavioral data from more than 100 enterprises and
hundreds of millions of user events, the study offers a first-of-its-kind,
data-driven map of where cyber risk actually lives in the workforce and how
leading organizations are shrinking it. The report confirms a long-suspected
but rarely proven reality: a small fraction of employees (just 10%) are
responsible for 73% of risky behavior. According to the findings, it's clear
that protecting the enterprise in 2025 means managing people, not just systems.
"Security teams have always known the human factor plays
a critical role in breaches, but they've lacked the visibility to act on
it," said Ashley Rose, CEO and Co-founder of Living Security. "Until
now, most insights have relied on anecdotal evidence or narrow indicators like
phishing clicks. This report changes that by providing hard data that shows
exactly where risk lives, and what actually works to reduce it."
Key Findings from the
Report:
Human risk is concentrated, not widespread: Just 10% of
employees are responsible for nearly three-quarters (73%) of all risky
behavior.
Visibility is alarmingly low: Organizations relying solely on
security awareness training (SAT) have visibility into only 12% of risky
behavior, compared to 5X that for mature HRM programs.
Risk is often misidentified: Contrary to popular belief,
remote and part-time workers are less risky than their in-office peers.
HRM works: Companies using Living Security's Unify platform
cut their risky user population by 50% and reduced high-risk behavior duration
by 60%.
Leave A Comment