By Daniel Blank, COO at Hornetsecurity. Hornetsecurity were finalists in the ‘Security Innovation of the Year (Enterprise)’ category at The 2024/25 Cloud Awards, and the ‘Best Security Solution for Email / Communication Systems’ at The 2025 Security Awards.

In recent years, the cybersecurity tools at our disposal have become increasingly robust. So why haven’t we seen a greater decline in successful cyberattacks, phishing, and hacking?

The fact is that cyberattacks are increasing in frequency and sophistication. Hornetsecurity’s recent ransomware survey revealed that nearly a third of businesses suffered data loss in 2024. And while there are a variety of culprits for these breaches, the World Economic Forum reports that 95% have to do with simple human error, rather than a technology failure.

All it takes is one seemingly innocuous mistake to let an attacker in and the security of your critical business data and processes is now in question. For example, in 2024, a catastrophic ransomware attack on a healthcare organization led to the dissemination of highly sensitive medical information, and the subsequent insurance blockages forced many patients to pay for services out of pocket, or just go without needed patient care altogether. According to an investigation by the House Committee on Energy and Commerce, the attack was the result of the company’s failure to integrate two-factor authentication and appears to have been wholly preventable.

This is just one of the many security gaps that hackers can exploit to gain access to your data. If you’ve ever trusted public Wi-Fi while traveling, reused a password, or kept login information on an easily accessible post-it, you may have committed one of the more common cybersecurity slip-ups, with potential implications for any business data you have access to.

So, what can be done to address such a broad problem? For cybersecurity technology vendors, it starts with developing tools to meet humans where they are.

Finding the gaps

We’ve all been prompted to set up two-factor authentication in the middle of a task, or been asked to download yet another security app (or update) with *yet another* set of credentials. These asks can feel complicated and daunting, or worse – they can feel like chores. When a person gets to choose between completing a chore and deferring it – or putting it off altogether – you can guess which option they will often choose.

For this reason, many businesses fail to mandate many, or any, cybersecurity policies or awareness training, treating cyber hygiene as an optional nice-to-have, rather than a critical security need that complements any technological safeguards in place. To make sure employees are adopting and maintaining the security practices and tools necessary to protect against cyber-attacks, said tools need to be intuitive, integrated, and as simple to use as possible.

In fact, in an ideal world, users shouldn’t even be aware that their security software is running. That’s because security tools are preventative, catching threats like phishing emails in real time and redirecting them before they ever land in an inbox. After all, when it comes to cyber breaches, no news is good news.

The best software choice for business is also the one that is the most unified. Managing multiple applications with different rules and passwords increases the odds of user error. Fragmented cybersecurity solutions create unnecessary vulnerability, leaving holes in coverage and increasing complexity. When your security structure exists all in one ecosystem, you minimize that risk, while also making cybersecurity hygiene easier for employees to maintain.

Training your team

It is essential for employees to receive ongoing cybersecurity training. To be as effective as possible, training should always be accessible and engaging. In the post-COVID world, many employees work at least partially from home, and of those remote workers, about 74% have access to critical data. That’s a lot of room for error.

Security training is a critical step when it comes to preventing breaches, curtailing human error, averting threats, and ultimately safeguarding critical data. These exercises can make a world of difference, and should always be intentionally designed to impart real-world lessons with urgency and efficacy, rather than just to tick a box.

We know what can happen when training is deprioritized. Earlier this year, hackers targeted recently laid-off U.S. government employees, posing as fake consulting and headhunting firms. Reuters noted that the targeted employees, with top security clearance, were not given the “standard exit briefings” designed to help trainees spot potential threats online. Knowing how to spot imposters is an invaluable capability when it comes to thwarting these attempts.

The goal of effective training is to create a “human firewall” – a line of defense that both fends off potential attacks and builds a sustainable security culture. Changing a long-standing internal culture is easier said than done, but there are three guiding principles that can serve as touchpoints throughout the transition: mindset, skillset, and toolset.

Creating a culture of security

Cultivating a cybersecurity mindset entails educational programming and frequent updates to policy around information security. Without consistent attention to risk, it becomes more likely that employees will make one of the common mistakes that can result in the irretrievable loss of data.

Providing an adequate skillset requires investment in training for your employees. This piece of the puzzle is often missing, as some business leaders assume that top-tier training requires time and money. But one thing is for sure: it costs a lot more of both time AND money to deal with the fallout of a data breach. And with next-gen, AI-powered, automated training, what is often perceived as a time-consuming exercise quickly becomes a breeze.

Lastly, a top-of-the-line toolset can do a lot of the heavy lifting when it comes to catching and deterring attempted attacks. While security software should never be your only line of defense, choosing the right solutions can make a world of difference, and minimize opportunities for mistakes.

Businesses that count on their employees to protect their digital assets need to own the responsibility of making it easy for them to do so, in order to mitigate errors and oversights. That means selectively choosing the right tools, investing in quality cybersecurity awareness education, and creating a culture of digital safety that benefits everyone.

About the Author: Daniel Blank

Daniel Blank has over 15 years of experience selling complex IT products, and 13 years in various managerial positions in the cloud security environment. Daniel joined Hornetsecurity in 2010 as Key Account Manager, quickly becoming Director of Sales, and finally assuming the role of COO in 2014. Today, Daniel is responsible for Sales, Presales/Education, and Human Resources at Hornetsecurity.