The top factor cited for attackers successfully bypassing systems was human error at 46.10%.

Human error remains the top cybersecurity vulnerability in 2025, with 66% of CISOs citing people as their greatest risk.

43% of cybersecurity professionals identified distraction as a primary reason employees fall victim to cyberattacks.

55% of security leaders are constantly worried that a single employee mistake could put their entire organisation at risk.

Junior sales staff were among the most vulnerable roles, engaging with read VEC attacks at a rate of 86%.

Conversely, EMEA organisations show the highest reporting rate for BEC, at 4.22%

In EMEA, the VEC engagement rate exceeds Business Email Compromise (BEC) by 90%.

7% of VEC engagements came from employees who had engaged with a previous attack.

The overall reporting rate for advanced text-based email threats was just 1.46%.

Telecommunications saw the highest VEC engagement rate at 71.3%.

Employees in large enterprises engaged with malicious vendor messages 72% of the time after reading them, taking follow-up actions such as replying or forwarding.

Repeat engagement with VEC in EMEA is the highest of any region, over twice that of BEC.

The second-ranked industry for VEC engagement rate was the energy/utilities sector (56%).

EMEA organisations demonstrate the lowest reporting rate for VEC, at 0.27%.

In just 12 months, attackers attempted to steal more than $300 million via VEC.

Employees in large enterprises engaged with malicious vendor messages 72% of the time after reading them, taking follow-up actions such as replying or forwarding.

The overall reporting rate for advanced text-based email threats was just 1.46%.

Human error, while still significant, has dropped to third place of most concerning threat actors.

Human error, while still significant, has dropped to third place of most concerning threat actors.

More than half (53%) of respondents agreed that the effort required to run their current SAT tools outweighs their impact.