KnowBe4, the world-renowned cybersecurity platform focused on human risk management, has released a new report titled Navigating Cyber Threats: Infosecurity Europe 2025 Findings. Surveying more than 100 security professionals during Infosecurity Europe 2025, the research reveals that the greatest vulnerability is not the sophistication of attacks but the human factor – distraction.
Quick Intel
43% of professionals cite distraction as a primary reason employees fall victim to attacks.
41% point to lack of security awareness training as a major weakness.
Phishing remains the top cyber threat (74%), often via executive or colleague impersonation.
65% of organizations plan budget increases, mainly for email security and training.
AI fears rising: 60% worry about AI-generated threats, though not yet dominant.
Overconfidence risk: 90% of professionals feel confident in response capabilities, despite known vulnerabilities.
The report underscores that distraction and lack of training now rank higher than attack sophistication as leading causes of successful cyberattacks. With the demands of today’s digital workplace, employees often lack the bandwidth to spot subtle threats, leaving organizations exposed.
"Cyber risk is not just about advanced technology; it is about human bandwidth and the cognitive load of today's fast-paced digital workplace," said Javvad Malik, lead cybersecurity awareness advocate at KnowBe4. "The findings highlight that bridging the gap between perceived value and investment in integrated human risk management is crucial. Overconfidence, a risk in itself, further underscores the need to validate defences and support employees in making secure decisions amidst distractions, especially as we prepare for the rising tide of AI-generated threats."
Phishing continues to dominate the threat landscape, cited by 74% of respondents as the most prevalent attack vector. Impersonation of executives or trusted colleagues remains the most effective tactic. While AI-generated threats are not yet the majority, concerns are mounting about their inevitable rise.
Although 65% of organizations plan to boost cybersecurity budgets, the survey found gaps between perceived value and funding priorities. While 32% see AI tools as having the greatest impact, only 26% are prioritizing investment in them. Email security and awareness training remain the top focus areas.
Nearly 90% of respondents expressed confidence in their ability to respond to cyberattacks. However, this assurance contrasts with persistent breach incidents and known human vulnerabilities, highlighting what KnowBe4 calls the “confidence paradox”—overconfidence as a security risk in itself.
With 60% of organizations fearing the rise of AI-generated threats, the report stresses the importance of proactive preparation. Key recommendations include strengthening core security, adopting integrated human risk management (HRM) practices, and ensuring employees are supported with ongoing awareness and real-time coaching.
KnowBe4’s findings spotlight the human side of cybersecurity risk, with distraction and overconfidence proving as dangerous as any technical vulnerability. As phishing remains dominant and AI threats loom on the horizon, organizations must close the gap between awareness, investment, and execution. The path forward lies in empowering workforces to become a resilient first line of defense.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. The HRM+ platform delivers AI-driven awareness & compliance training, email security, real-time coaching, crowdsourced anti-phishing, and AI Defense Agents. By mobilizing workforces, KnowBe4 transforms employees from the largest attack surface into an organization’s strongest asset. Learn more at knowbe4.com.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.