Introduction

Mimecast’s ninth annual State of Human Risk report, published in 2025 [1] [3] [4], highlights the persistent issue of human error as the primary cause of data breaches and emphasizes the need for more effective human-centric cyber risk management strategies within organizations.

Description

In 2025, Mimecast published its ninth annual State of Human Risk report [1] [3] [4], revealing that human error continues to be the leading cause of data breaches, accounting for 68% of incidents [3]. This underscores a significant lack of effective human-centric cyber risk management within organizations. Insider threats remain a pressing concern, with 43% of surveyed organizations reporting an increase in these threats and 66% anticipating further data loss from insiders in the coming year. Notably, only 8% of employees are responsible for 80% of insider breaches, highlighting the disproportionate impact of a small number of individuals.

The financial ramifications of insider-driven data exposure and theft events are substantial, averaging $13.9 million per organization [2] [3] [5]. Despite 87% of organizations conducting employee training at least quarterly to enhance recognition of cyber-attacks, concerns persist. One-third of security decision-makers express worries about human error related to managing email threats [4], with 27% attributing lapses in vigilance to employee fatigue [2] [5]. Accidental breaches frequently occur due to misaddressed emails or failure to adhere to data disposal protocols [1] [4], resulting in serious consequences [4].

Furthermore, the report indicates that while 96% of organizations have adopted formal cybersecurity strategies [1], they still navigate a complex threat landscape [1]. AI is recognized as both a significant threat and a valuable tool [1]: 95% of organizations utilize it for defense against cyberattacks, yet 81% express concerns about sensitive data leaks via generative AI tools [1]. Masha Sedova, VP and Human Risk Strategist at Mimecast [4], emphasizes the necessity for a comprehensive human risk management approach, as the majority of security incidents stem from a small percentage of users. Despite ongoing training efforts, two-thirds of respondents remain apprehensive about the potential rise in data loss from insiders in 2025, reinforcing the need for enhanced strategies to mitigate these risks.

Conclusion

The report underscores the critical need for organizations to implement robust human-centric cyber risk management strategies to mitigate the impact of human error and insider threats. As the financial and operational consequences of data breaches remain significant, organizations must prioritize comprehensive training and leverage advanced technologies, such as AI, to bolster their defenses. Looking forward, addressing the challenges posed by insider threats and the dual nature of AI will be crucial in safeguarding sensitive data and maintaining organizational security [4].

References

[1] https://web3wire.org/web3/new-mimecast-research-reveals-55-of-global-organizations-are-not-fully-prepared-with-strategies-to-combat-ai-driven-threats/
[2] https://www.infosecurity-magazine.com/news/data-breaches-human-error/
[3] https://www.digit.fyi/human-error-still-top-contributor-to-data-breaches/
[4] https://vmblog.com/archive/2025/03/11/new-mimecast-research-reveals-55-of-global-organizations-are-not-fully-prepared-with-strategies-to-combat-ai-driven-threats.aspx
[5] https://osintcorp.net/95-of-data-breaches-tied-to-human-error-in-2024/