In 2024, human risk surpassed technology gaps as the biggest cybersecurity challenge. Organizations spent billions fortifying their tech stacks, yet breaches continue unabated. The problem isn’t that humans are the weakest link, it’s that security strategies haven’t evolved to protect the ways people actually work.
Insider threats, credential misuse, and user-driven errors now account for most security incidents. Attackers don’t just hack in anymore; they’re increasingly targeting the human layer with precision. They leverage AI-powered phishing, exploit collaboration tools, and bypass traditional authentication methods. The results? Bigger, costlier breaches that are harder to detect and contain.
This tenth annual State of Human Risk report examines how organizations are responding to this shift. Based on a survey of 2,500 IT security and IT decision makers across nine countries, we reveal where security leaders are making progress and where critical gaps remain. The message is clear: 2026 is the year to move from awareness
to action.
