80% of Us Do This Online Without Thinking: What the Numbers Say About Cyber Habits

by | Jul 30, 2025 | Article, Blog

It’s easy to picture cybersecurity as something technical. Firewalls, hackers, code. But when you look at the numbers, the real risk often starts with habits. Everyday choices. Little shortcuts we barely notice anymore.

That’s what makes the stats so surprising.

The numbers don’t lie

80% of data breaches are caused by human error.
(Source: IBM Cyber Security Intelligence Index)

That includes clicking on suspicious links, using weak passwords, or sending the wrong file to the wrong person.

60% of people reuse passwords across multiple accounts.
(Source: Google/Harris Poll)

It’s understandable. We’re juggling dozens of logins. But one leaked password can open the door to everything else.

1 in 3 employees click on phishing emails.
(Source: Tessian)

Even when people know better, they often click. Stress, speed, and trust play a huge role.

47% of organisations had at least one cloud-based security incident in the last year.
(Source: Check Point)

Remote work and file sharing have created new gaps that aren’t always obvious until something goes wrong.

54% of employees admit to using personal devices for work tasks.
(Source: Bitglass)

That means company data is often stored on phones, laptops, or tablets that may not be protected properly.

Why this matters

You don’t need to memorise every stat. But they all point to the same idea:
Cybersecurity isn’t just about software, it’s about behaviour.

We click fast. We save time. We trust things that feel familiar. And most of the time, it works. Until it doesn’t.

What can we do about it?

  • Start talking about it differently
     Security doesn’t have to sound scary. It’s about making better choices with the tools we already use.
  • Make small changes
     Use a password manager. Turn on two-factor authentication. Pause before clicking. These things really do make a difference.
  • Check in with your team
    Sometimes people don’t follow best practices simply because no one’s explained them clearly. Ask what people find confusing, not just what’s in the policy.

The takeaway

Most cyber risks don’t come from criminals in hoodies. They come from everyday moments. A rushed decision. A reused password. A missed warning.

The numbers are real. But they’re not meant to scare you. They’re a reminder that we’re all part of the system and we all have the power to improve it.