In the digitalized economy, ransomware attacks, technical errors, and human misbehavior are among the biggest cyber risks for companies. The Allianz Risk Barometer 2025 ranks cyber risks as the biggest business threat worldwide, ahead of business interruptions and natural disasters. While technical protection measures are improving, the human factor remains a key challenge for cyber defense.
The Verizon Data Breach Investigations Report 2024 shows that human behavior plays a role in 68% of all security incidents. Even the most modern firewalls can be bypassed if employees click on malicious links. Attackers are using humans as a “gateway” as IT systems become increasingly complex. Phishing attacks are particularly quick to succeed: it often takes less than 60 seconds for users to disclose confidential information after opening a fraudulent email.
However, employees are also an important protection factor. With the right level of awareness, they can recognize and fend off attacks. Typical attack methods include social engineering, which exploits human characteristics such as trust, fear, or curiosity. Phishing, spear phishing, and tailgating are common techniques. The use of deepfakes, in which AI tools enable personalized attacks, is particularly threatening.
Training and awareness strategies are crucial to strengthening the human firewall. Companies should conduct regular training programs tailored to different roles and risk levels. Phishing simulations have also proven their worth. Employees should be encouraged to report suspicious activity without fear of reprisal.
Furthermore, strong technical controls are essential, such as multi-factor authentication (MFA), robust email filters, and anti-malware solutions, as well as regular software updates. Clear contingency plans and incident response procedures are necessary so that employees know how to respond in the event of a compromise.
The legal department also plays a central role in cyber resilience by ensuring legal requirements are met, conducting risk assessments, and developing security policies.
Cyber security is an ongoing process that requires constant attention. A culture of security awareness is crucial. The further development of AI will give rise to both new threats and more advanced defense mechanisms. Technology, processes, and people must work together to create a robust line of defense.

