KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released a new report titled “Navigating Cyber Threats: Infosecurity Europe 2025 Findings.” The findings show that cybersecurity professionals are sounding the alarm, not about increasingly sophisticated cyber threats, but about something far more human—distraction. The new research from KnowBe4 surveyed more than 100 security professionals during the Infosecurity Europe 2025 conference to gauge the current state of cybersecurity concerns.

The main findings of the report include:

• Distraction is a top cybersecurity weakness. Distraction (43%), and lack of security awareness training (41%), are identified as primary reasons employees fall victim to cyberattacks, rather than attack sophistication.
• Phishing remains dominant. Phishing is the leading threat (74%), with impersonation of executives or trusted colleagues being the most common tactic. Artificial Intelligence (AI)-generated threats are not yet dominant, but fears about their rise are growing.
• Cybersecurity spending increase swith alignment gaps. 65% of organisations plan to increase cybersecurity budgets, with top investment areas including email security, and security awareness training. However, there is a disconnect between perceived effectiveness of AI-based tools (32% believe greatest impact) and their prioritisation for funding (26%).
• Anticipation of the AI tipping point is growing. 60% of organisations fear the rise of AI-generated threats, suggesting preparation for future threats while still dealing with current human risks.
• Hello, Confidence Paradox. Nearly 90% of respondents express confidence in their ability to respond to cyberattacks, which appears inconsistent with breach frequency and known vulnerabilities. This overconfidence is considered a risk in itself.

“Cyber risk is not just about advanced technology; it is about human bandwidth and the cognitive load of today’s fast-paced digital workplace,” said Javvad Malik, lead cybersecurity awareness advocate at KnowBe4. “The findings highlight that bridging the gap between perceived value and investment in integrated human risk management is crucial. Overconfidence, a risk in itself, further underscores the need to validate defences and support employees in making secure decisions amidst distractions, especially as we prepare for the rising tide of AI-generated threats.”

The report concludes with key recommendations for organisations looking to close the gap between threats and defences, with top tips on how to embrace human risk management, strengthen core security, and build organisational resilience.

The full KnowBe4 report is available to read here.