Human Risk And AI Use Surge As Cybersecurity Incidents Spike, New Study Finds

Clayton Rifkind December 11, 2025

The report says human error and AI-related breaches are rising concerns for security leaders.

A new industry study released this month shows that organizations are having growing difficulty managing human-related cybersecurity risks as artificial intelligence (AI) becomes more entrenched in everyday work. The State of Human Risk 2025 report, based on a survey of 700 cybersecurity leaders and 3,500 employees, found incidents tied to the human element surged sharply over the past year.

The report, published by security platform KnowBe4, shows a 90% increase in incidents linked to human factors compared with the previous year. These include social engineering attacks such as phishing, risky user behavior, and accidental errors.

Security leaders said cybercriminals are increasingly exploiting employees as the weakest link. 93% of respondents reported incidents caused by attackers leveraging human vulnerabilities, and a 57% increase in email-related incidents underscored the continued threat in everyday communications channels. 64% of organizations reported being hit by external attacks that exploited employees via email.

Human error also remained a critical vulnerability, with 90% of organizations experiencing incidents attributable to employee mistakes. The study further found that deepfake-related incidents rose at 32% of organizations.

Incidents involving AI applications also increased significantly, up 43% over the past 12 months, making AI-related breaches the second-fastest-growing category among all incident types measured. Despite this, nearly all organizations surveyed reported taking steps to address AI risks, and 45% of security leaders said evolving AI threats are their top challenge in managing behavioral risk.

“The productivity gains from AI are too great to ignore, so the future of work requires seamless collaboration between humans and AI,” said Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “Employees and AI agents will need to work in harmony, supported by a security program that proactively manages the risk of both.”

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.