Counter Overconfidence with Cybersecure Practices

Rising employee overconfidence, combined with increasingly sophisticated AI-driven cyberattacks, is putting SMBs at greater risk and demands stronger policies, better training and more robust cybersecurity defenses.

Feb 03, 2026

Cybersecurity

Recent research found that workers under the age of 35 (roughly those in Gen Z and Millennial cohorts) may be more easily duped by malicious social engineering techniques. About a quarter of employees surveyed expressed confidence they would be able to spot suspicious messages – despite never having received cybersecurity training. Yet 15% of the same respondents reported that they would share data or make payments using messaging apps – without first verifying the sender – if the communication seemed to come from a company leader or colleague.
This study is distressing in an age when artificial intelligence (AI) technology enables phishing campaigns, malware creation and deepfake-driven social engineering attacks, and in a period when a single worker’s overconfidence could lead to a security breach that costs an organization millions of dollars.
Consider these illuminating cyberfraud stats:
  • Researchers at McKinsey reported a 1200% rise in phishing attacks since the emergence of generative AI in late 2022.
  • Other studies indicate that last year ransomware payouts doubled on average.
  • Cyber risk analysts estimate the average cost of what are termed “insider threats” – i.e., unsafe cyber practices by employees, contractors and/or business partners – at more than $17 million.
Why should executives at small- to medium-sized businesses (SMBs) pay attention to these findings? Because SMBs are the targets of roughly a third of today’s cybercrime.
And how can SMB leaders cope with this troubling trend of worker complacency? We recommend a three-pronged cybersecure approach:
  • Comprehensive Policy – Develop and establish formalized policies and guidelines specifically for working with AI platforms. Review, acknowledge and attest to the acceptable use of AI tech at least once a year.
  • Thorough Training – Educate employees at all levels – from the front lines to the C-suite – to recognize and deflect common techniques like spear-phishing, deepfakes and bogus websites.
  • Maximize Defenses – Implement and scrupulously maintain applications for...
    • Data loss prevention
    • Endpoint/Antivirus filtering
    • Safe web browser filtering
    • Identity access management
    • Data encryption

Interested in learning more? Call us for a consultation.
