A new KnowBe4 survey, Security Approaches Around the Globe: The Confidence Gap, reveals a disparity between employee confidence and actual cybersecurity awareness, putting organisations at increased risk.
The research indicates that while 86% of employees believe they can identify phishing emails, nearly half have fallen victim to scams.
The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands and South Africa, found that South Africa reported the highest scam victimisation rate, despite also having high confidence levels. This suggests that misplaced confidence can create a false sense of security. The report also emphasises the importance of a transparent security culture, noting that while 56% of employees feel comfortable reporting security concerns, one in 10 still hesitate.
“Overconfidence fosters a dangerous blind spot – employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies and even demographic traits,” said Anna Collard, SVP Content Strategy and Evangelist, KnowBe4.
“With phishing, AI-driven social engineering and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training. True cyber-resilience comes not from assumed knowledge but from continuous education, real-world testing and an adaptive security mindset.”
KnowBe4’s findings underscore the need for personalised and adaptive training that addresses individual employee needs and evolving cybertactics. The company argues that organisations prioritising this approach will not only reduce risk but also cultivate a genuine security-first culture.
