Human Error Drives Cyber Breaches as Only Half of Egyptian Professionals Receive Cybersecurity Training
A new Kaspersky survey covering the Middle East, Turkiye, and Africa (META) has revealed a significant cybersecurity knowledge gap among Egyptian professionals, with only 46% reporting that they have received training on digital threats. The report, titled «Cybersecurity in the Workplace: Employee Knowledge and Behavior», highlights that despite human error being a leading cause of cybersecurity breaches, organizations are still falling short in equipping their workforce with the skills needed to identify and mitigate digital risks.
According to the findings, many attacks are strategically designed to bypass technical defenses by exploiting human psychology. Social engineering tactics such as phishing emails remain among the most prevalent methods used by cybercriminals. Nearly 43% of surveyed professionals said they had encountered scams impersonating colleagues, suppliers, or their own organization within the past year, while 16.5% experienced negative consequences as a result of these deceptive messages.
Other vulnerabilities closely tied to human behavior include weak or compromised passwords, accidental data leaks, unpatched systems, and the use of unlocked or unencrypted devices. The report notes that 13.5% of respondents admitted making IT-related mistakes due to insufficient cybersecurity knowledge, further underscoring the urgent need for continuous employee education.
Training emerged as the single most effective method for raising cybersecurity awareness among non-IT staff, selected by 60% of respondents. This was ahead of sharing cautionary breach stories (19%) and referencing legal responsibilities (46%). When asked about preferred training topics, professionals highlighted protecting confidential work data (41%), securing accounts and passwords (39%), website and internet safety (35%), mobile device protection (34.5%), safe use of social networks and messaging apps (32%), email security (31%), secure remote work (28%), and the safe use of AI-driven services such as chatbots (21%). Notably, 17.5% said they would prefer to receive training in all these areas, signaling a strong appetite for comprehensive cybersecurity education.
Kaspersky emphasized that for training to be effective, it must be structured, role-specific, regularly updated, and rooted in real-world scenarios. Gamified and practical approaches were identified as key to improving engagement and long-term retention. According to the company, organizations that invest in ongoing cybersecurity education help cultivate a security-first culture—transforming employees from potential weak points into active defenders who can recognize threats and act swiftly.
“Cybersecurity can’t live solely within the IT department. Everyone—from executives to new hires—needs a clear grasp of digital risks. A truly resilient organization is built by equipping every employee with the skills to recognize scams, prevent costly errors, and safeguard company data,” said Rashed Al Momani, General Manager for the Middle East at Kaspersky.
To bolster their defenses, Kaspersky recommends that organizations:
• Implement robust monitoring tools and cybersecurity solutions such as the Kaspersky Next product line.
• Introduce structured employee awareness programs, including the Kaspersky Automated Security Awareness Platform designed to help IT and HR teams deliver practical training at scale.
• Establish and enforce clear security policies covering passwords, software installation, and network segmentation.
• Foster a proactive security culture by encouraging employees to report suspicious activity and rewarding responsible cyber behavior.
The survey was conducted in 2025 by the research agency Toluna on behalf of Kaspersky. The study included 2,800 online interviews with employees and business owners in Turkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.