Living Security, the global leader in Human Risk Management (HRM), today released the 2025 State of Human Cyber Risk Report, an independent study conducted by leading research firm Cyentia Institute. The report provides an unprecedented look at behavioral risk inside organizations and reveals how strategic HRM programs can reduce that risk 60% faster than traditional methods.
Drawing on behavioral data from more than 100 enterprises and hundreds of millions of user events, the study offers a first-of-its-kind, data-driven map of where cyber risk actually lives in the workforce and how leading organizations are shrinking it. The report confirms a long-suspected but rarely proven reality: a small fraction of employees (just 10%) are responsible for 73% of risky behavior. According to the findings, it’s clear that protecting the enterprise in 2025 means managing people, not just systems.
“Security teams have always known the human factor plays a critical role in breaches, but they’ve lacked the visibility to act on it,” said Ashley Rose, CEO and Co-founder of Living Security. “Until now, most insights have relied on anecdotal evidence or narrow indicators like phishing clicks. This report changes that by providing hard data that shows exactly where risk lives, and what actually works to reduce it.”
Key Findings from the Report:
- Human risk is concentrated, not widespread: Just 10% of employees are responsible for nearly three-quarters (73%) of all risky behavior.
- Visibility is alarmingly low: Organizations relying solely on security awareness training (SAT) have visibility into only 12% of risky behavior, compared to 5X that for mature HRM programs.
- Risk is often misidentified: Contrary to popular belief, remote and part-time workers are less risky than their in-office peers.
- HRM works: Companies using Living Security’s Unify platform cut their risky user population by 50% and reduced high-risk behavior duration by 60%.
From Awareness to Action: Making Human Risk Measurable
Unlike traditional reports that focus on external threats or compliance audits, the 2025 State of Human Cyber Risk Report centers on internal risk behaviors and how they change with the right interventions.
The report includes:
- A detailed breakdown of what constitutes human risk across behaviors, events, and attributes
- Analysis of how risk is distributed across roles, industries, and access levels
- Persona-based insights using behavioral alignment models
- Proof that HRM initiatives, especially behavior-triggered action plans, dramatically reduce organizational risk exposure
A Call to Cybersecurity Leaders
With budgets tightening and threats evolving, the stakes are clear: cybersecurity can no longer rely on awareness alone. Leaders must prioritize behavioral visibility, targeted action, and ROI-driven results.
“Cybersecurity is no longer just about technology, it’s about behavior,” said Rose. “If we don’t understand who our riskiest users are, why they’re at risk, and how to help them improve, we’ll continue chasing symptoms instead of solving the root problem.”
Looking Ahead
These findings come at a time when AI agents and digital co-workers are entering the enterprise and the attack surface is evolving fast. As pioneers in Human Risk Management, Living Security sees this evolution clearly: the future of cyber resilience isn’t just about managing human risk, it’s about managing behavioral risk, wherever it originates. This report not only celebrates measurable progress on the human side, but also signals what comes next: a future where enterprises govern both humans and agents through shared visibility, standards, and accountability.
About the Report
The 2025 State of Human Cyber Risk Report was produced in partnership with the Cyentia Institute using anonymized data from Living Security’s Unify platform over the last several years. It reflects hundreds of millions of real-world user events and decisions, collected and analyzed to provide a clear picture of how human risk shows up, and how it can be reduced.
The full report is available for download at: https://www.livingsecurity.com/2025-human-risk-report-key-cybersecurity-insights. For a deeper look at the findings, users can join a live webinar with Cyentia researchers and Living Security CEO Ashley Rose on July 23 at 3PM ET / 12PM PT by registering here.
About Cyentia Institute
The Cyentia Institute is a renowned research firm committed to providing high-quality, data-driven insights to help organizations enhance cybersecurity and effectively manage information risks. Through collaborations with leading industry and government entities, Cyentia continually advances cybersecurity knowledge and practice.
About Living Security
Living Security is the global leader in Human Risk Management (HRM), providing a risk-informed approach that meets organizations where they are—whether that’s starting with AI-based phishing simulations, intelligent behavior-based training, or implementing a full HRM strategy that correlates behavior, identity, and threat data streams.
Living Security’s Unify platform delivers 3X more visibility into human risk than traditional, compliance-based training platforms by eliminating siloed data and integrating across the security ecosystem. The platform pinpoints the 8–12% of users who pose the greatest risk and automates targeted interventions in real time—reducing exposure to human risk by over 90%. Powered by AI, human analysis, and industry-wide threat telemetry, Unify transforms fragmented signals into intelligent, adaptive defense.
Named a Global Leader in Human Risk Management by Forrester and trusted by enterprises like Unilever, Mastercard, Merck, and Abbott Labs, Living Security helps security teams move from awareness to action—driving measurable behavior change and proving impact at every stage of the journey.
For more information, users can find them online at livingsecurity.com or follow on LinkedIn.
Contact
Living Security Press
Living Security
media@livingsecurity.com
Read More from This Article: New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk
Source: News