Elevating Human Attack Surface Management

Every year, enterprises spend millions on security technology and training — only to be caught on the hamster wheel of responding to incidents caused by recurrent human errors. Incredibly, human error has played a role in 88% of the total losses from the largest cyber incidents of the last 5 years.

In this provocative report, Cyentia Institute launches its first annual study on human cybersecurity risk in the workplace, in partnership with Elevate Security. This unprecedented report aggregates data from 114,000 end users across 2,000 organizational departments between 2018 and 2020. Cyentia analysts highlight key lessons to be learned from the data about measuring and managing the human attack surface.

Key findings include:

  • Conclusive data that traditional security awareness training and mock phishing exercises have no significant effect at reducing human error at the organizational level
  • An increase in simulations and training can actually be counterproductive, users who had training are actually more likely to click on a phishing link than those with little or no training
  • Understanding and actively defending the human attack surface is one of the best actions that cybersecurity leaders can take to strengthen their organization's overall cyber defense strategy

To review all of the study's findings, download the full report here.