Arctic Wolf has released its second annual Human Risk Behavior Snapshot, an independent survey of more than 1,700 IT leaders and end users worldwide. The findings show that while organizations remain confident in their defenses, everyday employee behaviors—ranging from phishing missteps to risky AI use—continue to drive breaches and expose sensitive data.
As threat activity escalates and generative AI becomes embedded in daily work, the human element has become one of the most unpredictable variables in cybersecurity. Leaders’ overconfidence, combined with employees bypassing or misusing basic safeguards, is widening the gap between perceived resilience and actual exposure. The Human Risk Behavior Snapshot is designed to help business leaders and security practitioners recognize these challenges and address the people-driven risks that persist across every organization.
Key findings from the 2025 Human Risk Behavior Snapshot include:
- Breaches surge worldwide: 68% of IT leaders say their organization suffered a breach in the past year—an 8% jump from 2024—with Australia, New Zealand, and the U.K. & Ireland experiencing the steepest year-over-year increases.
- Phishing traps even the experts: Nearly two-thirds of IT leaders and half of employees admit to clicking malicious links, yet three-quarters of leaders still believe their organizations are safe. Alarmingly, 1 in 5 leaders who clicked didn’t report it.
- Executives in the crosshairs: Senior leadership teams continue to be a prime target, with 39% hit by phishing attempts and 35% facing malware infections that put high-value accounts at risk.
- AI becomes a data leak risk: 80% of IT leaders and 63% of employees are using generative AI tools for work—60% of leaders and 41% of staff admit to feeding these tools confidential data.
- Training beats termination: 77% of IT leaders say they would fire staff who fall for scams, up sharply from 66% in 2024. By contrast, companies that emphasize corrective training report an 88% reduction in risk.
- Security basics still neglected: Only 54% of organizations enforce MFA for all users, leaving entry-level accounts unprotected and giving attackers the easiest path inside.
“The rise of generative AI has created powerful new tools—but also powerful new risks. When leaders are overconfident in their defenses while overlooking how employees actually use technology, it creates the perfect conditions for mistakes to become breaches,” said Adam Marrè, senior vice president and chief information security officer at Arctic Wolf. “Progress comes when leaders accept that human risk is not just a frontline issue but a shared accountability across the organization. Reducing that risk means pairing stronger policies and safeguards with a culture that empowers employees to speak up, learn from errors, and continuously improve.”
The full 2025 Human Risk Behavior Snapshot can be downloaded here.
