Study reveals 95% of data breaches caused by human error

New research by Mimecast has revealed that human risk has surpassed technology gaps as the most significant cybersecurity challenge for organisations worldwide. The State of Human Risk 2025 survey of 1,100 IT security and IT decision-makers discovered that despite spending billions on cybersecurity technology, data breaches continue unabated and are almost entirely due to human error. 

The study reveals that hackers increasingly target human vulnerabilities, employ AI-powered phishing, exploit collaboration tools, and bypass traditional authentication methods. The result is more costly and difficult-to-detect data breaches. While the concept of human risk is not new, the speed and sophistication of its exploitation, especially with AI, are unprecedented.

The study highlights the need for organisations to prioritise human risk management through dedicated programmes that combine technology with security awareness training. Furthermore, shifting from focusing solely on external threats to addressing internal vulnerabilities is also crucial. Key findings of the study include:

• 95% of data breaches are attributed to human error.
• 79% acknowledge new threats posed by collaboration tools.
• 95% anticipate email security challenges in 2025.
• 81% are concerned about generative AI-driven data leaks—55% are unprepared for AI threats.
• 94% face obstacles in ensuring employee compliance.
• 96% report improved risk levels with formal cybersecurity strategies 
• 95% still expect email security issues
• 61% anticipate negative business impacts from collaboration tool attacks in 2025.
• 85% of organisations have increased cybersecurity budgets, while only 3% feel fully funded.