As the cybersecurity landscape evolves, organisations are wrestling with the challenges of advanced technology and the increasing human factors that contribute to security breaches.
AI-driven security tools, cloud services, mobile applications, and enhanced incident response capabilities are now integral to organisational security strategies.
However, the rapid adoption of new technologies also expands the attack surface, creating numerous potential points of compromise.
Human Error Remains Biggest Cybersecurity Risk
According to Mimecast’s recent report for 2025, 95 per cent of all data breaches can be attributed to human error. This includes insider threats, credential misuse, and general user mistakes.
Kaspersky’s IT Security Economics report further supports these findings, revealing that 88 per cent of organisations in 2024 experienced at least one cyber incident, with human error remaining a dominant factor in security breaches.
The European Union Agency for Cybersecurity (ENISA) has identified phishing as the primary method of intrusion, accounting for about 60 per cent of all incidents.
The emergence of models like phishing-as-a-service has made these attacks easier and more automated, allowing cybercriminals to target victims with unprecedented efficacy.
Social Engineering Tactics Target Human Vulnerabilities
Juhan Lepassaar, ENISA’s Executive Director, warned that a disruption on one end can ripple across the entire supply chain.
Cybercriminals are increasingly using social engineering tactics, where they research victims to gather information, enabling them to bypass security measures and gain access to sensitive data, finances, or systems.
Techniques such as phishing, spear phishing, vishing (fraudulent phone calls), and impersonation are now commonplace. Attackers are utilising advanced AI technologies to refine phishing attacks, making them more sophisticated and visually convincing.
Employees unfamiliar with these tactics are at a heightened risk of clicking on malicious links or downloading infected attachments.
In one notable instance, attackers successfully impersonated senior executives to coerce finance personnel into making urgent online transactions, demonstrating how these tactics exploit authority and a sense of urgency to bypass verification processes.
Vishing campaigns are becoming even more convincing, as fraudsters utilise AI voice synthesis technology to create realistic-sounding phone calls.
Challenges for SMEs and Machine Identities
Governments and law enforcement agencies stress the importance of businesses in the fight against cybercrime, highlighting the need for global collaboration.
Despite ongoing calls for stronger cybersecurity strategies, many organisations, particularly small and medium-sized enterprises (SMEs), face significant barriers, including high costs and a lack of expertise.
The World Economic Forum’s Global Cybersecurity Outlook 2024 reported a 30 per cent decline in organisations maintaining minimum viable cyber resilience in 2023, predominantly affecting SMEs.
According to CyberArk’s 2025 Identity Security Landscape report, machine identities now outnumber human identities by 82 to 1. However, in the UAE, 92 per cent of organisations still define ‘privileged user’ solely as a human role, although 42 per cent of machine identities have privileged access.
Consequently, 54 per cent of UAE organisations experienced at least two identity-centric breaches in the past year. Unlike human identities, which rely on usernames and passwords, machine identities are essential for securing automated processes and managing the vast number of connected devices within modern digital ecosystems.
The Dubai Electronic Security Center (DESC) is now working to combat phishing through cybersecurity guidelines.
Proactive Defence Strategies and Future Outlook
To combat these growing threats, experts advocate for a proactive defence strategy that involves both technology and human alertness.
Simple yet effective measures such as implementing multi-factor authentication (MFA) and encryption, alongside fostering a security-aware culture, can significantly mitigate breaches.
Continuous training in phishing awareness, strong password practices, and regular security assessments are essential components of a strong defence strategy.
Organisations will continue to face evolving threats, with AI-powered attacks expected to become more prevalent. The effectiveness of future cybersecurity measures will likely depend on balancing advanced technological defences with robust human training and awareness programmes.

