The Hidden Threat: Why Social Engineering Cyber Attacks Demand Staff Training
Graham Foxwell

Product Marketing Lead - Kyocera Document Solutions (UK)

Social engineering attacks have been in the news over the past few months, whether that’s phishing, vishing or the myriad other ways that the human element can be manipulated.

Arup – Vishing | Co-op – Phishing | M&S – Phishing | Ferrari – Whaling

Exploiting human psychology is not a new concept; marketeers have been doing this for over a century to get us to purchase products. However, exploiting human behaviour as a cyber tool started in the mid-90s and has evolved significantly over the years, adapting to technological advancements and becoming more sophisticated.

The National Cyber Security Centre (NCSC) reports that as of June 2025 it has had 43,000,000 scams reported, resulting in 225,000 scams being removed across 405,000 URLs*.

What is Social Engineering?

Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. These attacks often come in the form of phishing emails, fraudulent phone calls, or even in-person deception like vishing. The goal is to trick employees into revealing passwords, clicking malicious links, or granting access to restricted systems.

Unlike traditional cyberattacks, social engineering doesn’t rely on breaking through firewalls or cracking encryption. Instead, it targets the weakest link in any security system: people.

The Risks to Businesses

The consequences of a successful social engineering attack can be devastating. From data breaches and financial loss to reputational damage, legal repercussions, and the deeply personal human cost to leadership teams and employees, the fallout can be severe and long-lasting.

Recent data paints a stark picture:

  • A 442% increase in social engineering and stolen credential attacks was recorded in the second half of 2024 alone **
  • 98% of cyberattacks now rely on some form of social engineering ***
  • 91% of cyberattacks begin with a phishing email ***
  • 40% of employees have clicked on a phishing link, unaware of its malicious intent ***
  • The average cost of a data breach involving social engineering is $4.45 million (approx. £3.52 million GBP) ***

These figures highlight the scale and sophistication of the threat. Even organisations with advanced technical defences are vulnerable if their staff are not adequately trained.

Why Staff Training is Essential

Technology alone cannot protect against social engineering. Firewalls and antivirus software are powerless if an employee unknowingly hands over their login credentials to a convincing scammer. This is why comprehensive staff training is not just beneficial, it’s essential.

Training should focus on:

  • Recognising common tactics: Employees must be able to identify phishing emails, suspicious links, and unusual requests.
  • Understanding the consequences: Real-world examples help illustrate the potential damage caused by a lapse in judgement.
  • Practising safe behaviour: Regular simulations and drills can reinforce good habits and keep security top of mind.
  • Encouraging a security-first culture: Staff should feel empowered to question suspicious activity and report potential threats without fear of reprimand.

Building a Human Firewall

Ultimately, the goal is to turn your workforce into a “human firewall”, a first line of defence against social engineering. This requires ongoing education, clear policies, and a culture that prioritises cybersecurity at every level of the organisation.

As cyber criminals become more cunning, the ability of your employees to spot and stop social engineering attacks could be the difference between business as usual and a catastrophic breach.

How Kyocera’s Managed Phishing Defence Can Help

While staff training is essential in building a human firewall, organisations also need robust, proactive tools to reinforce that training and provide real-time protection. Kyocera’s Managed Phishing Defence (MPD) is designed to do exactly that.

This fully managed service helps mitigate the risks of social engineering by combining advanced threat detection with continuous employee education. It includes:

  • Simulated phishing campaigns tailored to your organisation, helping staff recognise and respond to real-world threats.
  • Automated reporting and analytics to identify vulnerable users and track improvements over time.
  • Real-time threat intelligence to stay ahead of evolving phishing tactics.
  • Ongoing awareness training to reinforce best practices and keep cybersecurity top of mind.

By integrating Kyocera’s Managed Phishing Defence into your security strategy, you not only significantly reduce the likelihood of successful attacks but also foster a culture of vigilance and accountability. It’s a powerful complement to your technical defences and a critical step in turning your workforce into a resilient first line of defence.

According to a KnowBe4 2025 report, implementing a Security Awareness Training (SAT) program, such as Kyocera’s MPD, leads to a dramatic reduction in phishing risk: phishing click rates dropped from 33.1% to just 4.1% over a 12-month period. ****
