KnowBe4 research reveals a confidence gap in cybersecurity, leaving organisations at risk

KnowBe4 has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams.

The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Notably, South Africa leads with both the highest confidence levels and the highest scam victimisation rate, suggesting that misplaced confidence can create a false sense of security, leaving employees more susceptible to advanced cyber threats.

Beyond training, the report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty.

Key findings from the survey include:

86% of employees believe they can confidently identify phishing emails.
24% have fallen for phishing attacks.
12% have been tricked by deepfake scams.
68% of South African employees reported falling for scams—the highest victimisation rate.

“Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies, and even demographic traits,” said Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training.

“True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing and an adaptive security mindset.”

The survey findings emphasise the critical need for personalised, relevant, and adaptive training that caters to employees’ individual needs while considering regional influences and evolving cyber tactics.

Organisations that prioritise this approach will not only reduce risk but also cultivate a genuine security-first culture. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.

The survey findings, “Security Approaches Around the Globe: The Confidence Gap,” is available for download here.

To read more Eskenzi news, click here.

NEWS

“Keeping DEI on the agenda: progressing, not regressing” announced as topic for Eskenzi’s Most Inspiring Women in Cyber Awards panel

25/02/2025

ISC West 2025

“ISC West serves as a bridge between physical and cyber, helping organisations tackle the complex threat landscape.”

24/02/2025

NEWS

Armis to protect cyber-physical systems with NVIDIA Cybersecurity AI

14/02/2025