86% of employees believe they can recognize phishing. However, many employees overestimate themselves when it comes to cybersecurity: nearly half of them have been victims of digital scams before.
These findings were stated in KnowBe4’s report “Security Approaches Around the Globe: The Confidence Gap.” Misplaced confidence in one’s own ability to recognize phishing regularly leads to a false sense of security, making employees especially vulnerable to sophisticated cyber-attacks. The study emphasizes that in addition to training, an open and transparent security culture is key to cybersecurity. Although 56% of employees feel very comfortable reporting security problems, 1 in 10 still hesitate out of fear or uncertainty.
Employees in the 25-34 age group are the most confident in recognizing online scams such as phishing. Yet the study shows that this group is as susceptible to deepfake scams as their younger colleagues aged 16-24. This demonstrates that self-confidence does not always equal digital resilience, especially when it comes to sophisticated techniques such as deepfakes, where AI is used to convincingly fake voices or images.
The researchers argue that online hubris creates a dangerous blind spot, especially since cybercriminals cleverly capitalize on more than 30 human vulnerabilities. These include psychological and cognitive biases, a lack of situational awareness, and unsafe behaviour.
Targeted training necessary
The research underscores the need for personalized, relevant and adaptive cybersecurity training. The type of training should match employees’ individual needs and take into account regional influences and changing attack techniques. Organizations that embrace this approach not only reduce online risks, but also create a work culture that prioritizes cybersecurity. The most significant mistake employees can make in fighting digital scams is thinking it won’t happen to them.