It is a common mantra in cybersecurity that humans are the weakest link. It’s a notion I often push back on, because it is generally used as a sort of tacit excuse for why cybersecurity tools or processes fail, but there is also an element of truth to it.
One of the key takeaways from Verizon’s 2024 Data Breach Investigations Report is that people are the problem. Not intentionally, of course—but whether by mistake, manipulation, or malicious intent, human actions or inactions played a role in 74% of breaches last year. That statistic should serve as a wake-up call for any organization still focused on hardening its networks while neglecting the individuals who interact with them.
The report underscores what many security leaders have long suspected. Attackers aren’t battering down firewalls or exploiting obscure technical vulnerabilities at scale anymore—they’re exploiting people.
And they’re succeeding.
Why the Human Layer Matters More Than Ever
The data paints a clear picture: errors, misuse of privileges, social engineering, and stolen credentials remain the top causes of breaches.
It’s not surprising when you consider today’s work environment. Hybrid and remote work have expanded digital attack surfaces, forcing employees to juggle multiple communication and collaboration tools. Add in an onslaught of sophisticated phishing emails, fake login pages, and cleverly crafted pretexting attacks, and you have a recipe for disaster.
“Technology exists to serve people,” says Scott Crawford, information security research head at 451 Research, part of S&P Global Market Intelligence. “But whenever they have the opportunity to interact with it, the potential exists that human activity can be manipulated for malicious ends.”
And that manipulation is happening at scale. Social engineering campaigns, business email compromise, and credential theft are surging. Misconfigurations in cloud services—often due to human error or oversight—are creating unintentional gaps in security. Even well-intentioned employees can become an organization’s weakest link.
“There is a 20-year-old Gartner prediction that human error would account for 75% of breaches,” notes Richard Stiennon, chief research analyst at IT-Harvest and author of “Security Yearbook 2025.” “It is not a surprise. So yeah, the simple stuff is exploited the most.”
Andrew Bolster, senior R&D manager at Black Duck, emphasizes, “Cybersecurity has always been an arms race between attackers applying the latest technologies to exploit new victims in innovative and interesting ways, while defenders try to stay ahead of these new threats before and as they emerge, often using the same new technologies.”
Reinforcing Security at the Human Layer
The growing body of evidence points to one conclusion: Organizations need to reinforce security where attackers are focusing—on people.
This means going beyond traditional perimeter defenses and endpoint security. It requires an integrated strategy that protects email communications, secures collaboration platforms, and applies robust data loss prevention policies. In short, organizations need to secure the “human layer”—the interface where people, technology, and data intersect.
Scott Crawford emphasizes, “The challenge with limiting risk is to do so without inhibiting technology’s benefits. But there are a number of opportunities today. Education and awareness training can lay a foundation, but advances in behavioral analytics, authentication and multifactor techniques, and zero trust implementations can all help mitigate exposure.”
That’s why reinforcing the human layer doesn’t stop with education alone. It includes embedding smarter defenses into the tools employees use every day, detecting risky behavior patterns, and automating threat response before human error leads to compromise.
Proofpoint and Microsoft: A Blueprint for Human-Centric Security
One example of how organizations are addressing this challenge comes from Proofpoint and Microsoft. The two companies announced an expanded global strategic alliance focused on reinforcing human-centric cybersecurity.
At the heart of the partnership is Proofpoint’s decision to move its platform to Microsoft Azure. By leveraging Azure’s robust AI capabilities and trusted cloud infrastructure, Proofpoint plans to scale its ability to detect and neutralize threats aimed at users. The integration extends deep into Microsoft 365 and Microsoft Sentinel, allowing security teams to automate threat detection and response, enrich their analytics, and enhance data protection.
“Built on top of Microsoft Azure, we’re delivering advanced, preventive protection for the most important layer in the cybersecurity ecosystem—the human layer,” explained Darren Lee, executive vice president and general manager of Proofpoint’s Threat Protection Group, in a press release.
With Nexus intelligence technologies, Proofpoint combines AI models, behavior analysis, and threat intelligence to proactively detect and neutralize risks. One of the critical components of the alliance is Proofpoint’s Targeted Attack Protection, which integrates with Sentinel to provide enriched data for extended detection and response workflows.
The partnership also tackles emerging risks from generative AI tools. These tools, while powerful productivity enhancers, introduce new data leakage concerns that traditional security controls struggle to manage. Proofpoint’s platform includes DLP features designed to monitor and control the flow of sensitive data in generative AI contexts.
Targeted Attacks Are Still a Threat
Despite these advances, Richard Stiennon offers a reality check: “Never lose sight of the fact that a targeted attack can get around any of the things deployed at the human layer.”
“Traditional identity threats to human users continue to evolve. Phishing attacks are becoming increasingly more targeted, using highly personalized tactics driven by social engineering and AI-enhanced data scraping,” stresses James Scobey, CISO at Keeper Security. “Cybercriminals are not only relying on stolen credentials, but also on social manipulation, to breach identity protections. Deepfakes are a particular concern in this area, as AI models make these attack methods faster, cheaper and more convincing.”
This sobering truth highlights that while securing the human layer is critical, it’s not a panacea. Advanced persistent threats, highly targeted spear-phishing campaigns, and insider threats will always require layered defenses, sophisticated detection, and rapid response capabilities. It’s why comprehensive security strategies must balance prevention with detection and resilience.
Human-Centric Security Isn’t Optional Anymore
The reality is stark: nearly three-fourths of breaches involve human failure in some form. If cybersecurity strategies don’t prioritize protecting the human layer, they’re leaving the most exploited vector wide open.
As Scott Crawford points out, “As adversaries look to cast a wider net across potential human targets, the way people interact in processes such as IT service support also presents opportunities for organizations to learn from incidents and take advantage of new and emerging ways to increase awareness of potential threats.”
The Proofpoint-Microsoft alliance is one example of the shift toward people-centric security—one that many organizations will need to follow. By combining AI, automation, and tight integrations with the tools employees rely on, they’re providing a roadmap for reducing human risk and improving overall security posture.
As attackers continue to evolve their tactics, organizations must do the same. Reinforcing security at the human layer isn’t just a good idea; it’s a business imperative.
