Nearly two-thirds of IT and security personnel have occasionally fallen for a phishing email, according to a recent report by Arctic Wolf.
The Arctic Wolf 2024 Human Risk Behavior Report highlights some troubling trends in the behavior of IT and security professionals worldwide. The key findings show that human error still plays a major role in the security of organizations. And this is despite the increasing complexity of cyber threats and the availability of AI tools for attackers. Some notable figures include:
- Phishing attacks: Nearly two-thirds (64%) of IT and security personnel have been caught in a phishing attack at some point, although 80 percent believe their organization is resistant to it.
- Password reuse: 68 percent of IT managers worldwide reuse passwords, and in the Benelux it is as high as 80 percent.
- Disabling security measures: 36 percent of IT leaders worldwide have ever disabled security measures on their systems, while in the Benelux this is even more than 53 percent.
- AI policies: Although 60 percent of IT leaders say their organization has an AI policy, less than a third of end users are aware of it.
Proactive training
The report emphasizes that technology alone is not enough to combat cyber threats. Significant attention must also be paid to reducing human risk within organizations. This requires proactive strategies that go beyond traditional security awareness training. These are often considered ineffective due to their annual, compliance-oriented approach.
Arctic Wolf calls on organizations to implement a more comprehensive “human risk management” plan. Such a focuses on improving employee awareness and proactivity in recognizing and preventing cyber threats.