Could Confidence Be Your Biggest Cyber Security Risk?
Michael Tunstall
June 6, 2025
You trust your team. They’re smart, capable, and know better than to click on dodgy links or download unexpected attachments.
They understand what phishing is. They’ve heard the warnings. They know cyber criminals use convincing tactics to trick people into handing over sensitive information or infecting systems with malware.
So, they’re not likely to fall for a scam.
Right?
Not necessarily.
Here’s the catch: being aware of phishing doesn’t mean you’re immune to it. In fact, confidence can be dangerous.
Recent research found that 86% of employees believe they can confidently spot phishing emails, yet more than half of those same employees have still fallen for one.
That’s the real risk — overconfidence.
Today’s phishing scams are no longer obvious. Forget the “Nigerian prince” emails. Now it’s fake invoices that copy a real supplier’s template down to the logo. Password reset requests that appear to come from Microsoft. Emails that appear to come from your suppliers, your IT team, or even your CEO, often sent from a lookalike domain that differs from the real one by a single character, or under a familiar display name attached to an address nobody reads.
And when someone thinks they’d never fall for one of these… they’re more likely to lower their guard.
This is a classic example of the Dunning-Kruger effect, a psychological bias where people with limited knowledge overestimate their competence. It’s not about intelligence. It’s about the gap between what we think we know and what we can actually do.
What’s the impact of this in a business?
When staff are overconfident, they’re less likely to hover over a link to see where it really goes, check the sender’s actual address, or question a message that asks for something unusual. They trust their gut and click, or type their password into a page that looks exactly like the real login. One click, or one password, is enough to give an attacker a foothold in your systems.
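What that “double-check” actually involves, written out as an added example (this is not code from the original post). It is a small Python triage routine that makes the three checks a hurried reader skips: whether a familiar display name is paired with an address from the wrong domain, whether the sender or a link domain is a lookalike of a trusted one (homoglyph swaps such as rn for m, typo-squats, or a trusted name buried inside a longer host), and whether a link’s visible text names one host while its href goes to another. The company domain example.com, the trusted-sender list and both sample messages are constructed for the example; a real deployment would draw the allow-list from your own mail routing and directory.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, hypothetical allow-list for the example company "example.com": the
# domains mail genuinely comes from, and the display names staff would trust
# on sight, mapped to the domain such a sender should be writing from.
TRUSTED_DOMAINS = ["example.com", "microsoft.com", "acme-supplies.example"]
EXPECTED_DOMAIN_FOR_NAME = {
    "jane doe": "example.com",                 # the CEO
    "it helpdesk": "example.com",              # internal IT
    "microsoft": "microsoft.com",
    "acme supplies": "acme-supplies.example",  # a supplier
}

def normalise(domain: str) -> str:
    # Fold common homoglyph swaps: 'rnicrosoft' and 'micr0soft' both become 'microsoft'.
    return domain.lower().replace("rn", "m").replace("0", "o").replace("1", "l").replace("vv", "w")

def registrable(host: str) -> str:
    # Last two labels ('login.rnicrosoft.com' -> 'rnicrosoft.com'); ignores suffixes like .co.uk.
    return ".".join(host.lower().split(".")[-2:])

def lookalike_of(host: str):
    """Return the trusted domain that `host` imitates, or None if it is trusted or unrelated."""
    host, reg = host.lower(), registrable(host)
    if reg in TRUSTED_DOMAINS:
        return None  # the real domain, or a genuine subdomain of it
    for trusted in TRUSTED_DOMAINS:
        if (trusted in host                                              # trusted name buried in a longer host
                or normalise(reg) == normalise(trusted)                  # homoglyph swap
                or SequenceMatcher(None, reg, trusted).ratio() >= 0.9):  # typo-squat, e.g. microsft.com
            return trusted
    return None

class _Anchors(HTMLParser):
    """Collect (visible text, href) pairs from the <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def triage(raw_message: str) -> list:
    """The checks a confident reader skips: who really sent it, whether the
    domain is a lookalike, and whether each link goes where its text says."""
    msg = message_from_string(raw_message)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    # 1. Display name of someone we trust, but an address from somewhere else.
    expected = next((d for n, d in EXPECTED_DOMAIN_FOR_NAME.items() if n in name.lower()), None)
    if expected and registrable(sender) != expected:
        findings.append(f"display name '{name}' belongs to {expected} but address is @{sender}")
    # 2. Sender domain that merely resembles one we trust.
    if (target := lookalike_of(sender)):
        findings.append(f"sender domain {sender} looks like {target}")
    # 3. Link text shows one host while the href goes to another, or to a lookalike.
    html = "\n".join(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
                     for part in msg.walk() if part.get_content_type() == "text/html")
    parser = _Anchors()
    parser.feed(html)
    for text, href in parser.links:
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower())
        if shown and shown.group(0) != href_host:
            findings.append(f"link text shows {shown.group(0)} but points at {href_host}")
        if (target := lookalike_of(href_host)):
            findings.append(f"link host {href_host} looks like {target}")
    return findings

# Constructed sample messages (not real mail): a CEO-impersonation lure and a genuine IT notice.
SAMPLE_CEO_LURE = """\
From: "Jane Doe" <jane.doe@gmail-mail.example>
Subject: Quick favour - can you approve this payment?
Content-Type: text/html

<p>In a meeting, verify your account first:
<a href="https://login.rnicrosoft.com/reset">https://login.microsoft.com/reset</a></p>
"""
SAMPLE_LEGIT = """\
From: "IT Helpdesk" <helpdesk@example.com>
Content-Type: text/html

<p>Details: <a href="https://intranet.example.com/maintenance">intranet.example.com/maintenance</a></p>
"""
```

Calling `triage(SAMPLE_CEO_LURE)` returns three findings (the CEO’s name on a non-company address, link text that says microsoft.com while the href goes to rnicrosoft.com, and that link host flagged as a lookalike), while `triage(SAMPLE_LEGIT)` returns an empty list. The checks are deliberately simple and mail filters do the same things with far larger lists; the point is that none of these tells is visible in the logo, wording and display name that a confident reader judges by.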
So, how do you reduce the risk?
✅ Invest in ongoing cyber awareness training. Regular, engaging training helps employees stay alert to the evolving tactics used in phishing and social engineering scams.
✅ Run simulated phishing attacks. Realistic tests reveal who’s most vulnerable and highlight where further education is needed, before a real attack happens. Track how many people report the test, not just how many click, and never use the results to punish anyone: a simulation that embarrasses people teaches them to hide mistakes rather than report them.
✅ Create a blame-free reporting culture. Encourage employees to speak up if something seems off, and make it easy with a one-click report button in the mail client. The faster you know about a potential threat, the faster you can respond: a single early report lets you pull the same message from every other inbox before anyone else clicks, and a quick “thanks, that was a real one” keeps the reports coming.
Cyber security isn’t about being the smartest person in the room. It’s about being aware, staying vigilant, and never assuming you're safe just because you feel confident.
Because often, the moment someone thinks “I’d never fall for that”... is the moment they do.