Human error fuels breaches, as only half of professionals receive cybersecurity training

A recent Kaspersky survey in the Middle East, Turkiye, and Africa (META) region entitled “Cybersecurity in the workplace: Employee knowledge and behavior”, announced during Black Hat MEA 2025 in Riyadh, KSA, found that just 50% of professionals received training on digital threats. This knowledge gap is significant, especially given that the majority of cybersecurity breaches are attributed to human error. The findings underscore a need for IT departments to provide clear guidance and for organizations to implement structured, practical cybersecurity training that reaches employees at every level.

Many cyberattacks today are deliberately designed to bypass digital defenses by exploiting human psychology. “Social engineering” schemes, such as phishing emails, exploit trust and urgency to trick employees into sharing sensitive information or initiating fraudulent transactions. Nearly half of surveyed professionals (45,5%) encountered scams disguised as messages from their organization, colleagues or suppliers within the past year, while 16% suffered negative consequences after such deceptive communication. Other cybersecurity issues closely linked to the human factor include compromised passwords, the leakage of sensitive data, unpatched IT systems and applications, and unlocked and unencrypted devices.

The issue of human-related cyberattacks can be addressed through appropriate education. 14% of respondents acknowledged they made IT-related mistakes due to a lack of cybersecurity knowledge. At the same time, training was named as the most effective means of raising cybersecurity awareness among non-IT employees: 62% of professionals chose it over other options such as treat stories (23%) and references to legal responsibility (44%). These findings show that cybersecurity training is an essential layer of organizational defense.

When allowed to choose specific training topics, respondents said they would select ones dedicated to protecting confidential work data (43,5%); security of accounts and passwords (38%), websites and internet (36,5%), use of social networks and messengers (32%), mobile devices (31,5%), e-mails (29%); safe remote work (24%) and the use of neural network-based services such as chatbots (16,5%), while 25% would prefer to undergo all the above trainings, which highlights the broad demand for comprehensive cybersecurity education.

The data shows that employees are open to improving their cybersecurity skills. However, for this knowledge to become an integral part of their daily IT routines, training needs to be well-structured, tailored to each employee’s role and existing IT skills, regularly updated, and gamified and practical. This approach enhances engagement and knowledge retention. When organizations invest in such education, they are not just meeting a requirement, but also fostering a “security-first” mindset among the workforce. This turns employees from a potential point of weakness into a distributed network of vigilant guards, capable of making smart security decisions instinctively.

“Cybersecurity cannot be siloed within the IT department. From the C-suite to the intern, a shared understanding of digital risks is essential. Building a resilient organization requires empowering every employee with the knowledge to spot a scam, avoid costly mistakes, and become a true guardian of company data,” says Mohamad Hashem, General Manager for Saudi Arabia and Bahrain at Kaspersky.

To strengthen their defences, organizations should consider the following:

• Implement robust monitoring and cybersecurity solutions, for example, from the Kaspersky Next product line.
• Introduce employee education and cybersecurity training, such as the Kaspersky Automated Security Awareness Platform,developed to help IT and HR departments deliver practical cybersecurity skills to employees.
• Implement security policies for employees, covering password and software installation, as well as network segmentation.
• Foster a culture of security: encourage employees to report suspicious activity, reward proactive security behaviors to reinforce good habits.