THE STATE OF HUMAN
RISK REPORT FOUND THAT AVERAGE INSIDER- DRIVEN EVENT COSTS AN ORGANISATION $ 14.2 MILLION.
INTELLIGENT BRANDS // Enterprise Security
72 % South African organisations concerned about AI being used as attack vector finds Mimecast
Mimecast, a global cybersecurity provider transforming the way businesses manage and mitigate human risk, has published its ninth annual State of Human Risk report. Based on the findings of an in-depth global survey of 1,100 IT security and IT decision-makers, including South Africa’ s private sector, the report provides key insights into the human risk landscape and offers recommendations for organisations to improve their cybersecurity posture and optimise budgets.
“ AI is reshaping cybersecurity at an unprecedented pace, acting as both a powerful defence tool and an evolving threat. Over the past year, while half of organisations have adopted AI for threat detection and real-time monitoring, cybercriminals have also harnessed it to execute increasingly sophisticated attacks,” says Brian Pinnock, Vice President of Sales Engineering at Mimecast.
While 62 % of respondents say that the adoption of a formal cybersecurity strategy has significantly improved their organisation’ s risk level, the report indicates that security leaders are still grappling with an increasingly complex threat landscape.
Key findings from The State of Human Risk 2025 report include:
AI is emerging as both a serious threat and a valuable opportunity. While only 50 % say that their organisation is using AI to help defend against cybersecurity attacks and, or insider threats, 83 % express concerns about the potential for sensitive data leaks via GenAI tools. More than half say they are fully prepared with specific strategies for AI-driven threats, 55 %.
THE STATE OF HUMAN
RISK REPORT FOUND THAT AVERAGE INSIDER- DRIVEN EVENT COSTS AN ORGANISATION $ 14.2 MILLION.
Threats from inside the organisation carry costly ramifications. While mitigating external risk is still a significant requirement for security leaders, they must be just as vigilant when it comes to insider risk, both intentional and unintentional. Local respondents report an average of 25 insider-driven data exposure, loss, leak and theft events in a month. The State of Human Risk report also found that the average insider-driven event costs an organisation $ 14.2 million.
Cybersecurity budgets are growing, but not enough to meet demand. While 86 % of respondents said their organisation’ s cybersecurity budget has increased in the last 12 months, it’ s clear that budget allocation is still an issue.
According to Verizon’ s 2024 Data Breach Investigations Report, 68 % of breaches involved a non-malicious human element, an indicator that organisations are not taking a human-centric approach to managing cyber risk. According to the respondents of The State of Human Risk, additional budget is required for cybersecurity staff and third-party services, 67 %, email security, 52 % and collaboration tool security, 47 %.
Organisations fear human error despite regular training. A combined 86 % of surveyed security decision-makers say their organisation trains its employees to spot cyberattacks monthly, 38 %, quarterly, 29 % or on an ongoing basis, 19 %. However, 43 % of respondents believe their employees lack awareness or understanding of security protocols, while 28 % fear employee fatigue causes lapses in vigilance.
Brian Pinnock, Vice President of Sales Engineering, Mimecast
As one respondent put it, an insurance industry CIO,“ Accidental breaches occur when employees inadvertently compromise sensitive systems through misaddressed emails or failure to follow data disposal protocols. These errors, while unintentional, carry serious consequences.” p
60 INTELLIGENTCIO AFRICA www. intelligentcio. com