As the workforce in Asia increasingly integrates artificial intelligence, cybersecurity leaders face significant challenges in securing the human element of their organisations.
A recent report from KnowBe4, titled "The State of Human Risk 2025: The New Paradigm of Securing People in the AI Era," reveals disconcerting trends: 96% of organisations struggle to manage the complexities of human-related cyber risks.
The report notes that human-related security incidents surged by 90%. Social engineering attacks, including phishing and Business Email Compromise (BEC), remain prevalent, with email being the primary attack vector. The report notes a 57% increase in email-related incidents, underscoring that 64% of organisations fell victim to external attacks exploiting employees through email.
Human error continues to be a significant vulnerability, affecting 90% of surveyed organisations, while malicious insiders contribute to incidents at 36% of organisations.
"The productivity gains from AI are too great to ignore, so the future of work requires seamless collaboration between humans and AI," states Javvad Malik, lead CISO advisor at KnowBe4. He emphasises the need for a security programme that proactively manages risks associated with both human behaviours and AI utilisation.
The introduction of AI tools has led to a dual-edged sword. On one hand, they enhance productivity, but on the other, they pose new security threats. The report highlights a 43% increase in security incidents linked to AI applications over the past year, making AI-powered threats a top concern for cybersecurity leaders.
Despite 98% of organisations taking steps to mitigate AI-related risks, 45% cited the rapidly evolving nature of these threats as their greatest challenge.
Moreover, the rise in incidents related to deepfakes, which affected 32% of organisations, poses an additional layer of risk. Many employees feel dissatisfied with their company's approach to managing AI tools, potentially leading them to use unsanctioned platforms and creating 'shadow AI' risks.
Looking ahead, the report predicts that email will remain the most vulnerable communication channel for the foreseeable future. However, the emergence of multi-channel attacks combined with AI-driven cyber threats necessitates a swift adaptation by organisations.
To effectively manage human risk in this complex landscape, it is vital for CISOs to implement integrated security measures that encompass both organisational behaviour and technological advancements. By fostering a culture of awareness and accountability among employees, alongside robust AI governance, organisations in Asia can navigate the challenges of 2026 and beyond.
