IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Cybersecurity threats data breaches australia new zealand digital locks warning
#
Data Protection
#
MFA
#
Phishing

Cybersecurity breaches rise as risky behaviours outpace awareness

Thu, 16th Oct 2025
Author image
By Melvin Hipolito, Editor

New research highlights a growing divide between cybersecurity awareness and actual workplace behaviour, with recent findings suggesting increasing risk for organisations in Australia, New Zealand, and globally.

Survey findings

According to Arctic Wolf's 2025 Human Risk Behaviour Snapshot, 68% of IT leaders worldwide reported organisational breaches in the past year, representing an 8% increase compared to figures from 2024. The steepest year-on-year increases in breaches were reported by organisations in Australia, New Zealand, and the UK & Ireland.

The independent survey, which included responses from more than 1,700 IT leaders and end users across the globe, found that everyday behaviours around phishing and artificial intelligence (AI) usage are significant contributors to these breaches. Nearly two-thirds of security and IT leaders admitted to clicking on malicious links, while about half of surveyed employees did the same. Despite these admissions, three-quarters of leaders expressed confidence in their organisations' security against phishing attempts. Notably, one in five leaders who clicked on a malicious link did not report the incident.

Generative AI concerns

The survey also revealed a widespread, risky use of generative AI tools at work. Eighty percent of IT leaders and 63% of employees reported using such tools in a professional context. Of these, 60% of leaders and 41% of staff acknowledged entering confidential information into AI systems, raising further concerns about data leakage and privacy risks.

Senior leadership teams, often responsible for shaping cyber policies, were not immune to targeted attacks. Thirty-nine percent reported being victims of phishing attempts in the past year, and 35% stated their teams had dealt with malware infections threatening high-value accounts. These statistics suggest that boardroom-level targets remain central to attackers' strategies.

Security gaps and response strategies

The survey highlighted further issues in cyber hygiene. Only 54% of organisations enforce multi-factor authentication (MFA) for all users, leaving a notable proportion of entry-level accounts exposed to attackers.

In response to cyber incidents, the research found diverging approaches among organisations. Seventy-seven percent of IT leaders asserted they would dismiss staff who fell for online scams, up from 66% in 2024. By contrast, organisations prioritising corrective training over punitive measures reported an 88% reduction in overall risk.

Expert commentary

"The rise of generative AI has created powerful new tools-but also powerful new risks. When leaders are overconfident in their defences while overlooking how employees actually use technology, it creates the perfect conditions for mistakes to become breaches," said Adam Marrè, Senior Vice President and Chief Information Security Officer at Arctic Wolf. "Progress comes when leaders accept that human risk is not just a frontline issue but a shared accountability across the organisation. Reducing that risk means pairing stronger policies and safeguards with a culture that empowers employees to speak up, learn from errors, and continuously improve."

Regional context

For organisations in Australia and New Zealand, the increase in breaches aligns with the survey's broader global findings. The report attributes this jump to complacency and high-risk behaviours regarding phishing and confidential data handling. Senior leaders in these regions were just as likely as their international counterparts to engage with phishing links or bypass established security protocols, with 80% of security and IT leaders in ANZ admitting to clicking on phishing links. Of those, one in five did not report the incident. The snapshot further found that 60% of IT leaders in ANZ shared confidential data with AI tools, while 51% admitted to disabling security measures on their systems.

These results collectively indicate that while technical safeguards remain critical, cultural and behavioural factors play an equally significant role in determining organisational vulnerability to cyber threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Adobe deepens AI strategy with hybrid models & agentic tools
Ping Identity launches platform to secure & manage AI agents
CoreWeave selects VAST Data in USD $1.17bn AI cloud platform deal
Gigamon unveils quantum-safe cryptography in GigaVUE update
Barracuda unveils AI assistant to boost security team efficiency

Top stories

EXOq research hub to boost Oxford region by GBP £1.4 billion
Milestone unveils generative AI plug-in for smarter video analytics
Geneva launches first citywide quantum network for research & industry
Avanade unveils suite of Microsoft-powered tools for midmarket firms
Forrester predicts AI errors to cost B2B firms over USD $10 billion