
While 86 percent of employees believe they can confidently identify phishing emails, nearly half have fallen for scams, according to new research from security awareness training company KnowBe4.
The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.
As well as training, the report highlights the importance of fostering a transparent security culture. While 56 percent of employees feel ‘very comfortable’ reporting security concerns, one in 10 still hesitates due to fear or uncertainty.
“Overconfidence fosters a dangerous blind spot — employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies, and even demographic traits,” says Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organizations must counteract misplaced confidence with hands-on, scenario-based training. True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset.”
Among other findings of the report, 24 percent of employees have fallen for phishing attacks, while 12 percent have been tricked by deepfake scams. South Africa has the highest victimization rate, with 68 percent of employees reporting falling for scams.
You can get the full report from the KnowBe4 site.