Breaches highlight 'critical human factor' in security, says expert
Nearly half of the most trusted companies in the United States are vulnerable to cyberattacks because employees are reusing breached passwords, according to a new report.
An analysis by researchers from Cybernews found that 46% of the most reputable brands in the US have employees reusing breached passwords.
This increases the risk of unauthorised access through credential-stuffing attacks, according to the report.
"This highlights a critical human factor in cybersecurity, where poor password hygiene can compromise even strong systems," the media release from Cybernews said.
The analysis found that around half of the companies analysed had high-risk vulnerabilities, while 36% faced critical security issues. Other cybersecurity vulnerabilities identified in the report include:
Over a quarter of the companies covered in the analysis also faced email security issues, leaving them vulnerable to the phishing attacks that have persisted recently.
A separate report from KnowBe4 revealed that HR and IT-related emails continue to account for more than 60% of top-clicked phishing emails in the first quarter of 2025.
"It is evident that attackers understand that employees are conditioned to respond quickly to messages that appear to come from HR or IT, and trust branded content from platforms they use daily like Microsoft, LinkedIn and Google," said Stu Sjouwerman, CEO of KnowBe4, in a statement.
Sjouwerman said the psychological sophistication behind these attacks underscores why human risk management is essential in cybersecurity strategies.
"Organisations must respond by cultivating a security culture that encourages healthy scepticism and verification habits, where employees feel empowered to verify suspicious communications, even when they appear to come from leadership or critical internal departments," he said.
Overall, the Cybernews Business Digital Index showed that the most trusted companies in the US have low cybersecurity standards.
In fact, 53% of them scored a D for their cybersecurity efforts, while 41% scored an F. All of them have also experienced data breaches, with one in four occurring in just the past 30 days.
"Being trusted by the public doesn't mean a company is secure. Our findings show that even the most reputable brands are failing basic cybersecurity standards – and that's a serious concern," said Vincentas Baubonis, Head of Security Research at Cybernews, in a statement.
"Companies must uphold strong digital defences if they want to truly protect their customers and live up to that trust."