
KnowBe4 Urges Organisations to Recognise Social Engineering’s Critical Role in Ransomware Surge

Amidst Rising Ransomware-Related Attacks, KnowBe4 Shares Five Pivotal Tips to Reduce Human Risk This Ransomware Awareness Month

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, is shining a spotlight on the critical role social engineering plays in the global surge of ransomware attacks. As part of Ransomware Awareness Month in July, KnowBe4 is encouraging organisations to reflect on how human risk contributes to ransomware exposure with five essential strategies to strengthen their human layer defences.

This call to action comes as KnowBe4’s research highlights a concerning 57.7% increase in ransomware payloads delivered through phishing attacks between November 1, 2024, and February 15, 2025, compared to the preceding three months. Phishing is commonly considered the most common initial access vector for ransomware into an organisation, and this alarming trend underscores its pivotal role in the rise of ransomware incidents.

Industry data continues to underscore the severity of ransomware on organisations, with global damages projected to reach USD $275 billion annually by 2031. In addition, the 2025 Verizon Data Breach Investigations Report highlights that ransomware was involved in 44% of all analysed breaches, which was up from 31% the previous year. Much of this, according to KnowBe4, is directly tied to social engineering.

Counter Social Engineering and Ransomware with These Tips

As the volume and fallout of successful ransomware attacks increase in 2025, KnowBe4 shares five top tips for organisations to strengthen their human defences:

  1. Tailor Cybersecurity Training by Role: Offer timely, role-specific personalised training that directly addresses the unique threats and responsibilities of different departments, helping to dramatically reduce employee behaviours often exploited by ransomware attackers.
  2. Run Realistic Phishing Simulations: Regularly conduct real-world phishing simulations that mimic current threat tactics to build employees’ critical thinking skills and instinctive resistance against ransomware delivery methods, including social engineering.
  3. Promote a No-Blame Reporting Culture: Foster an environment where employees feel safe and empowered to immediately report any suspicious emails or activities, even if they have made a mistake, enabling faster ransomware containment and incident response.
  4. Keep Ransomware Awareness Front and Centre: Implement continuous awareness campaigns through ongoing reminders, visuals, and regular communication to reinforce vigilance and ensure ransomware threats remain top-of-mind for the entire workforce.
  5. Utilise Advanced Anti-Phishing Technology: Support employees with advanced anti-phishing technology that employs Artificial Intelligence and Machine Learning to detect and neutralise sophisticated phishing attacks, including zero-day threats carrying ransomware payloads, before they ever reach an employee’s inbox.

“Ransomware remains one of the largest cyber threats an organisation can face–and it all starts with social engineering,” said Roger Grimes, Data-Driven Defence Evangelist at KnowBe4. “As reports continue to highlight the varied forms of phishing as the most prevalent access vector for ransomware-related attacks, organisations must prioritize reducing human risk first and foremost. This Ransomware Awareness Month, it is crucial for every organization to understand their strongest defence against ransomware is actually their workforce.”

For more information, visit www.knowbe4.com.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.
