Threat Intelligence

    Verizon: 60% of breaches involve human error

    Email and collaboration platforms continue to be a prime target for attackers

    by Andrew Williams

    Key Points

    • Verizon's findings corroborate the role of the human element, making it clear that employees remain a major vulnerability in security breaches. Effective Human Risk Management (HRM) is a necessity.
    • Human-based data points, such as phishing and Business Email Compromise (BEC), emphasize attackers’ growing reliance on manipulative social engineering tactics. 
    • Threat intelligence, like that provided by Mimecast, is foundational in mitigating human risk and countering these evolving threats. 

    The 2025 Verizon Data Breach Investigations Report (DBIR) delivers a clear warning: nearly 60% of breaches involve a human element, whether through error, manipulation, or malicious misuse. As phishing attacks become more personalized and collaboration platforms expose more sensitive content, security teams need to rethink how they manage risk at the individual level. For time-strapped CISOs and security leaders, this year's DBIR offers sharp takeaways, especially around who is most at risk, how attacks are evolving, and why a one-size-fits-all approach to Human Risk Management no longer works.

    DBIR confirms need for human-first security strategies 

    The Verizon DBIR draws from over 22,000 incidents, including 12,000 confirmed breaches. One trend stands out: a small number of users are driving most of the risk. Verizon found that 8% of employees account for 80% of incidents. This means targeted interventions, like individual risk profiling and customized security education, can drastically reduce exposure.

    The DBIR also emphasizes that most social engineering attacks, especially phishing and BEC, are effective because they rely on psychological manipulation, not technical exploits. The takeaway: protecting people requires more than training. It demands visibility into behavior and intent. The report suggests comprehensive strategies, moving beyond basic tools to focus on behavioral insights, custom training, and adaptive actions that address risky user behavior.

    Email threats and collaboration tools compound human risk

    Email and collaboration platforms remain a prime target for attackers. The DBIR corroborates that these are critical threat vectors, used to exploit human vulnerabilities and manipulate access to sensitive data. 

    New in 2025 is the increasing role of generative AI in crafting hyper-personalized lures that evade detection. Mimecast contributed intelligence to the DBIR, demonstrating how AI-generated phishing emails and sophisticated Business Email Compromise attempts continue to outmaneuver traditional defenses. We uncovered an alarming growth in advanced malicious emails leveraging AI’s capacity to bypass standard filters with convincing personalization.

    Collaboration platforms also introduce fresh risk. While not the top vector, they are emerging as common blind spots, especially when sensitive information is shared across unsecured apps or through unauthorized AI tools. According to the Annual Data Exposure Report 2024, 1 in 17 collaboration messages contains sensitive information, and 8% of employees consistently access or share data insecurely. Pair that with DBIR findings, and it is clear: the human layer is now a distributed attack surface.

    Threat intelligence underpins HRM efforts 

    The fight against human vulnerability hinges on actionable threat intelligence. Addressing human risk effectively means understanding the tactics being used. Threat intelligence platforms can help security teams track how phishing methods are evolving and flag which user populations are being targeted most.

    For example, Mimecast threat analysts are tracking a surge in deepfake audio and AI-generated spear-phishing campaigns, both signals that attackers are investing in psychological realism. These trends align with DBIR findings: the threat is increasingly social, not just technical.

    Start mitigating human risk today 

    The 2025 DBIR highlights a pressing reality: human-targeted threats remain at the core of modern cybersecurity challenges, and security teams need a human-first approach that is informed by behavior, personalized risk, and adaptive response. Start by reviewing how your organization monitors user activity, detects risky behavior, and delivers just-in-time training.

    By fostering behavioral awareness, automating training, and addressing risky actions with adaptive security, organizations can build a sustainable human-first defense strategy. Explore our Threat Intelligence Hub and notifications as a first step in prioritizing your human layer’s security. 
