Human risk is concentrated, not widespread: Just 10% of employees are responsible for nearly three-quarters (73%) of all risky behavior.Visibility is alarmingly low: Organizations relying solely on security awareness training (SAT) have visibility into only 12% of risky behavior, compared to 5X that for mature HRM programs.Risk is often misidentified: Contrary to popular belief, remote and part-time workers are less risky than their in-office peers.HRM works: Companies using Living Security’s Unify platform cut their risky user population by 50% and reduced high-risk behavior duration by 60%.From Awareness to Action: Making Human Risk MeasurableUnlike traditional reports that focus on external threats or compliance audits, the 2025 State of Human Cyber Risk Report centers on internal risk behaviors and how they change with the right interventions.The report includes:
A detailed breakdown of what constitutes human risk across behaviors, events, and attributesAnalysis of how risk is distributed across roles, industries, and access levelsPersona-based insights using behavioral alignment modelsProof that HRM initiatives, especially behavior-triggered action plans, dramatically reduce organizational risk exposureA Call to Cybersecurity LeadersWith budgets tightening and threats evolving, the stakes are clear: cybersecurity can no longer rely on awareness alone. Leaders must prioritize behavioral visibility, targeted action, and ROI-driven results. “Cybersecurity is no longer just about technology, it’s about behavior,” said Rose. “If we don’t understand who our riskiest users are, why they’re at risk, and how to help them improve, we’ll continue chasing symptoms instead of solving the root problem.”Looking AheadThese findings come at a time when AI agents and digital co-workers are entering the enterprise and the attack surface is evolving fast. As pioneers in Human Risk Management, Living Security sees this evolution clearly: the future of cyber resilience isn’t just about managing human risk, it’s about managing behavioral risk, wherever it originates. This report not only celebrates measurable progress on the human side, but also signals what comes next: a future where enterprises govern both humans and agents through shared visibility, standards, and accountability.About the ReportThe 2025 State of Human Cyber Risk Report was produced in partnership with the Cyentia Institute using anonymized data from Living Security’s Unify platform over the last several years. It reflects hundreds of millions of real-world user events and decisions, collected and analyzed to provide a clear picture of how human risk shows up, and how it can be reduced.The full report is available for download at: https://www.livingsecurity.com/2025-human-risk-report-key-cybersecurity-insights. For a deeper look at the findings, users can join a live webinar with Cyentia researchers and Living Security CEO Ashley Rose on July 23 at 3PM ET / 12PM PT by registering here.About Cyentia InstituteThe Cyentia Institute is a renowned research firm committed to providing high-quality, data-driven insights to help organizations enhance cybersecurity and effectively manage information risks. Through collaborations with leading industry and government entities, Cyentia continually advances cybersecurity knowledge and practice.About Living SecurityLiving Security is the global leader in Human Risk Management (HRM), providing a risk-informed approach that meets organizations where they are”, whether that’s starting with AI-based phishing simulations, intelligent behavior-based training, or implementing a full HRM strategy that correlates behavior, identity, and threat data streams.Living Security’s Unify platform delivers 3X more visibility into human risk than traditional, compliance-based training platforms by eliminating siloed data and integrating across the security ecosystem. The platform pinpoints the 812% of users who pose the greatest risk and automates targeted interventions in real time”, reducing exposure to human risk by over 90%. Powered by AI, human analysis, and industry-wide threat telemetry, Unify transforms fragmented signals into intelligent, adaptive defense.Named a Global Leader in Human Risk Management by Forrester and trusted by enterprises like Unilever, Mastercard, Merck, and Abbott Labs, Living Security helps security teams move from awareness to action”, driving measurable behavior change and proving impact at every stage of the journey.For more information, users can find them online at livingsecurity.com or follow on LinkedIn.
Contact
Living Security PressLiving Securitymedia@livingsecurity.com
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4026203/new-report-reveals-just-10-of-employees-drive-73-of-cyber-risk-2.html
