Help Desk: 1300 669 220

The Human Factor

Most cyber attacks don't begin with technology.
They begin with people.

When organisations think about cybersecurity, the focus often falls on firewalls, antivirus software, and the latest security tools.

Those technologies are essential, but they’re rarely where an attack begins.

More often than not, cybercriminals target the people behind the keyboard.

A convincing phishing email. A reused password. An account with more access than it needs. These everyday moments create opportunities that attackers are quick to exploit.

The reality is that your cybersecurity posture isn’t defined by technology alone. It’s shaped by the people using it every day.

The Numbers Tell the Story

Human behaviour continues to play a significant role in successful cyber attacks.

  • 60% of data breaches involve the human element, whether through human error, stolen credentials, or social engineering.
  • 55% of insider security incidents are caused by employee negligence, rather than malicious intent.
  • 22% of breaches begin with stolen or compromised credentials, making them the most common way attackers gain access.
  • Organisations take an average of 292 days to identify and contain a breach involving stolen credentials, giving attackers months to move through systems unnoticed.
  • Compromised credentials have increased by 160% in 2025 compared to 2024, highlighting just how quickly identity-based attacks are growing.

These statistics reinforce an important point.

Most employees aren’t trying to create security risks. They’re simply doing their jobs. Unfortunately, cybercriminals understand this and increasingly design attacks around normal workplace behaviour.

AI Has Changed the Phishing Landscape

Phishing has become far more sophisticated.

Gone are the days when suspicious emails were easy to spot because of poor grammar or obvious spelling mistakes.

Today, artificial intelligence enables attackers to generate polished, professional, and highly personalised emails in seconds.

In fact:

  • 82% of phishing emails now use AI.
  • AI-generated phishing emails are 60% more likely to be clicked than traditionally written phishing emails.

These messages often imitate colleagues, suppliers, clients, or executives so convincingly that even experienced professionals can be caught off guard.

As AI continues to evolve, technical controls alone won’t be enough.

Businesses need people who know what to look for and feel confident questioning

unexpected requests.

Building a Strong Human Firewall

The strongest cybersecurity strategies combine technology with education, processes, and governance.

Simple improvements can significantly reduce risk, including:

  • Regular cybersecurity awareness training.
  • Multi-factor authentication across business systems.
  • Password managers that generate strong, unique passwords.
  • Regular reviews of user accounts and access permissions.
  • Clear processes for reporting suspicious emails or unusual activity.
  • Ongoing monitoring of privileged accounts and identity security.

These measures don’t just reduce the likelihood of a successful attack. They also strengthen your organisation’s overall resilience when incidents occur.

Cybersecurity Is a Business Issue

Cybersecurity isn’t simply an IT responsibility.

It’s an operational, financial, and reputational risk that affects every part of the business.

Investing in your people is one of the most effective ways to strengthen your security posture. When employees understand the risks and have the right processes to follow, they’re far less likely to become the entry point for an attack.

Technology protects your systems.

Your people protect your business.

How Perigon One Can Help

Cyber threats continue to evolve, but so can your business.

At Perigon One, we help organisations reduce cyber risk through a practical, layered approach that combines technology, identity protection, security awareness training, and strategic guidance.

Whether you’re looking to strengthen your Microsoft 365 security, implement stronger access controls, improve staff awareness, or review your overall cybersecurity posture, our team can help you identify where your greatest risks lie and what to do next.

Don’t wait for a security incident to expose the gaps.

Book a cybersecurity consultation with Perigon One and discover practical, business-focused strategies to strengthen your security, reduce risk, and give your team the confidence to respond to today’s evolving threats.