EMEA CISOs call time on‘ tick-box’ cyber training as human cyber-risk remains unresolved
KELA finds cybercrime hits record scale with 2.86 billion credentials stolen in 2025 as ransomware evolves beyond extortion
CISO news
EMEA CISOs call time on‘ tick-box’ cyber training as human cyber-risk remains unresolved
MEA CISOs are calling time on traditional security awareness
E training, as new research reveals that 78 % believe their approach to security awareness education urgently needs to evolve.
The research from MetaCompliance highlights the widespread concern among CISOs that current methods are failing to address human cyber-risk.
The study, which surveyed 200 CISOs across the United Kingdom, Sweden, Germany and France, found that 81 % of CISOs say security awareness programmes fail because they treat human cyber-risk as a training issue rather than a wider risk management challenge.
At the same time, 68 % of businesses identify employees as their biggest security risk, highlighting a persistent and unresolved vulnerability at the heart of enterprise security.
James Mackay, Chief Executive Officer at MetaCompliance, said:“ Confidence is rising, but that doesn’ t mean risk is falling. Many businesses mistake completed security training for real security, when the underlying human vulnerabilities haven’ t changed.
“ This creates a dangerous disconnect. Businesses feel more secure, yet employees remain the biggest source of risk. At the same time, threats are becoming more sophisticated, with AI accelerating the scale and precision of social engineering attacks. This is leaving organisations increasingly exposed if this gap isn’ t addressed.”
KELA finds cybercrime hits record scale with 2.86 billion credentials stolen in 2025 as ransomware evolves beyond extortion
ELA, a global leader in cybethreat intelligence and external threat
K exposure management, has released The State of Cybercrime 2026: Emerging Threats & Predictions, its annual analysis of the global cybercrime landscape.
The report reveals a record surge in cybercrime activity, driven by a fundamental shift in attacker behaviour and the adoption of malicious, autonomous AI that is outpacing traditional organisational defences. KELA’ s Cyber Intelligence Centre( CIC) tracked 7,549 ransomware victims in 2025, a 45 % increase over the previous year, with more than 53 % located in the US.
Criminals are using a technique called‘ Vibe Hacking’ to trick AI assistants into performing malicious tasks by disguising them as legitimate requests. KELA confirms that major global threat groups are already using these autonomous tools to run large parts of their operations with almost no human help.
KELA reports that organisations face systemic internal risks from‘ Shadow
AI’, where the input of confidential data or credentials into unauthorised tools can lead to immediate data leakage. Without a centralised asset registry and strict governance, Shadow AI creates an unmonitored attack surface.
Underlying this surge is a growing reliance on stolen credentials as the primary method of access. KELA’ s CIC identified 2.86 billion compromised credentials in 2025.
“ We’ re seeing a fundamental pivot in adversary behaviour with the shift from AI-assisted tools to fully autonomous, agentic malicious workflows, where over 80 % of operations require minimal human oversight,” said David Carmiel, CEO of KELA.
“ Organisations relying on stale intelligence and legacy defences instead of AI-powered solutions are leaving the door wide open to attacks.”
10 WWW. INTELLIGENTCISO. COM