KnowBe4, the security training provider, today released a new report entitled Navigating Cyber Threats: Infosecurity Europe 2025 Findings. The findings show that cybersecurity professionals are sounding the alarm; not about increasingly sophisticated cyber threats, but about something far more human – distraction. The new research from KnowBe4, surveyed more than 100 security professionals during the Infosecurity Europe 2025 conference to gauge the current state of cybersecurity concerns.
The main findings of the report include:
- Distraction is a Top Cybersecurity Weakness: Distraction (43%) and lack of security awareness training (41%) are identified as primary reasons employees fall victim to cyberattacks, rather than attack sophistication.
- Phishing Remains Dominant: Phishing is the leading threat (74%), with impersonation of executives or trusted colleagues being the most common tactic. AI-generated threats are not yet dominant but fears about their rise are growing.
- Cybersecurity Spending Increase with Alignment Gaps: 65% of organisations plan to increase cybersecurity budgets, with top investment areas including email security and security awareness training. However, there is a disconnect between perceived effectiveness of AI-based tools (32% believe greatest impact) and their prioritisation for funding (26%).
- Anticipation of the AI Tipping Point: 60% of organisations fear the rise of AI-generated threats, suggesting preparation for future threats while still dealing with current human risks.
- The Confidence Paradox: Nearly 90% of respondents express confidence in their ability to respond to cyberattacks, which appears inconsistent with breach frequency and known vulnerabilities. This overconfidence is considered a risk in itself.
“Cyber risk is not just about advanced technology; it is about human bandwidth and the cognitive load of today’s fast-paced digital workplace,” said Javvad Malik, lead cybersecurity awareness advocate at KnowBe4. “The findings highlight that bridging the gap between perceived value and investment in integrated human risk management is crucial. Overconfidence, a risk in itself, further underscores the need to validate defences and support employees in making secure decisions amidst distractions, especially as we prepare for the rising tide of AI-generated threats.”
The report concludes with key recommendations for organisations looking to close the gap between threats and defences, with top tips on how to embrace human risk management, strengthen core security and build organisational resilience.
The full report is available to read here.
This report comes after recent research from KnowBe4 that revealed a spike in phishing attacks in 2025.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behaviour against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation’s biggest asset. More at https://knowbe4.com.
Follow KnowBe4 on Linkedin and X.
The post KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication appeared first on IT Security Guru.