KnowBe4, cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.
Notably, South Africa leads with both the highest confidence levels and the highest scam victimization rate, suggesting that misplaced confidence can create a false sense of security, leaving employees more susceptible to advanced cyber threats. Beyond training, the report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty.
Key findings from the survey included:
● 86% of employees believe they can confidently identify phishing emails.
● 24% have fallen for phishing attacks.
● 12% have been tricked by deepfake scams.
● 68% of South African employees reported falling for scams—the highest victimisation rate.
“Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies, and even demographic traits,” said Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training. True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset.”
The survey findings emphasize the critical need for personalised, relevant, and adaptive training that caters to employees’ individual needs while considering regional influences and evolving cyber tactics. Organisations that prioritise this approach will not only reduce risk but also cultivate a genuine security-first culture. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.
The survey findings, “Security Approaches Around the Globe: The Confidence Gap,” is available for download here.
