A recent study by Mimecast has uncovered a concerning trend in cybersecurity: 95% of security breaches in 2024 were the result of human error. Despite companies investing billions in advanced security technologies, data breaches continue to occur—largely due to employee mistakes.
The research, which surveyed 1,100 IT and security professionals, highlights a major shift in cybersecurity challenges. Human error has now surpassed technological vulnerabilities as the biggest risk for organizations worldwide. As cyberattacks grow more sophisticated and frequent, human mistakes remain the weakest link in the fight for digital security.
Neglected Security Practices: The Root of Most Breaches
The study identifies basic security mistakes as the main cause of breaches, often due to employee negligence. One of the biggest risks remains the use of weak or repeated passwords across multiple platforms, along with improper credential sharing among coworkers.
A recent example cited in the report is the attack on Change Healthcare, which led to the largest patient data breach in U.S. history. The incident occurred after an employee’s credentials were stolen through a phishing email, highlighting the dangers of human error.
Lack of Proper Training
Inadequate cybersecurity training is another major factor. While 87% of organizations provide quarterly security training, 33% of managers worry about employees mishandling email threats. Digital fatigue worsens the situation—27% of companies report that employee burnout leads to lapses in security awareness, increasing vulnerability.
The financial impact of these mistakes is staggering. A single insider-caused data breach can cost an organization an average of $13.9 million, making human error one of the most expensive cybersecurity risks today.
8% of Employees Cause 80% of Incidents
One of the most striking findings from the study is that just 8% of employees are responsible for 80% of security incidents. This imbalance highlights how a small group within an organization can pose a significant risk to overall cybersecurity.
To address this challenge, 95% of companies have already integrated artificial intelligence into their security strategies. The primary focus areas include real-time threat detection (46%), endpoint protection (46%), and behavioral analysis (43%). However, AI introduces its own risks—81% of managers worry about sensitive data leaks through AI tools, while 55% admit they are not fully prepared to handle AI-driven threats.
The complexity deepens with the increasing use of collaboration tools. Around 79% of organizations have identified new security risks linked to these platforms, and 61% anticipate experiencing some form of negative impact by 2025.