While organizations remain confident in their defenses, everyday employee behaviors—ranging from phishing missteps to risky AI use—continue to drive breaches and expose sensitive data.
This is according to Arctic Wolf citing findings of research that covers more than 1,700 It leaders and end users worldwide.
As threat activity escalates and generative AI becomes embedded in daily work, the human element has become one of the most unpredictable variables in cybersecurity. Leaders’ overconfidence, combined with employees bypassing or misusing basic safeguards, is widening the gap between perceived resilience and actual exposure.
Findings show that 68% of IT leaders say their organization suffered a breach in the past year—an 8% jump from 2024—with Australia, New Zealand, and the United Kingdom & Ireland experiencing the steepest year-over-year increases.
Phishing traps even the experts as nearly two-thirds of IT leaders and half of employees admit to clicking malicious links. Yet three-quarters of leaders still believe their organizations are safe and a fifth of leaders who clicked didn’t report it.
Senior leadership teams continue to be a prime target, with 39% hit by phishing attempts and 35% facing malware infections that put high-value accounts at risk.
AI becomes a data leak risk as 80% of IT leaders and 63% of employees are using generative AI tools for work. Also, 60% of leaders and 41% of staff admit to feeding these tools confidential data.
The report finds that training beats termination as 77% of IT leaders say they would fire staff who fall for scams, up sharply from 66% in 2024. By contrast, companies that emphasize corrective training report an 88% reduction in risk.
Security basics are still neglected as only 54% of organizations enforce MFA for all users, leaving entry-level accounts unprotected and giving attackers the easiest path inside.
“The rise of generative AI has created powerful new tools—but also powerful new risks. When leaders are overconfident in their defenses while overlooking how employees actually use technology, it creates the perfect conditions for mistakes to become breaches,” said Adam Marrè, SVP and CISO at Arctic Wolf.
“Progress comes when leaders accept that human risk is not just a frontline issue but a shared accountability across the organization,” said Marrè. “Reducing that risk means pairing stronger policies and safeguards with a culture that empowers employees to speak up, learn from errors, and continuously improve.”
