What’s next? Key Predictions for Human Risk in 2025
The landscape of human risk is evolving faster than ever before. From escalation of digital threats to physical violence and challenges caused by fraudulent employees, insider actors, and third-parties, the coming year will demand an increased focus from organizations on the human factors in risk management.
In this blog, we’ll explore four key predictions that highlight how human risks posed by people inside and outside of your organization will shape the next 12 months. By understanding these emerging trends, organizations and individuals can be better prepared to bridge the gap between digital and human risk – and more effectively mitigate threats to people, assets, operations, and company reputation.
Executives and employees will face increasing levels of online vitriol
In 2025 we can expect to see continued human risk attacks against company executives, employees, and their families. In a 2021 Pew Research Center report, 4 in 10 Americans experienced online harassment, with 25% reporting severe forms of harassment, including physical threats, stalking, sexual harassment or sustained harassment. While the rates of harassment haven’t changed significantly in recent years – and we don’t expect they will do so in 2025 – the severity of the harassment has increased. Through our client work we have witnessed escalated harassment this year, as a growing number of executives and their families sought out our help and protection.
Today’s volatile political and online environments embolden individuals, politically motivated groups, government-sponsored hackers, and nation-states to threaten executives and/or employees with serious damage that can have a lasting impact. These threats include escalation to physical threats, reputational damage, extortion, impersonation and more. The reduction in social media moderation and the availability of new technologies such as AI deepfake generators make it all too easy to act. Effectively managing these risks requires understanding them better – getting to the ‘who’ behind the threats. Attribution, while critical, is complex and requires specialized human expertise, tradecraft, and technology.
Enterprise investment in executive protection will reach an all-time high
Given recent events, employee safety and executive protection are top of mind for many security teams and business leaders. We can expect to see a realization among companies that they need to invest more to identify potential risk factors for digital and physical risks.
To effectively protect executives in 2025, organizations should take a proactive, comprehensive approach – one that helps them better understand the risks, monitor relevant digital channels for emerging threats, and use intelligence to quickly know who is behind the threat to drive real-world consequences.
Because physical threats often begin in the digital realm, identifying and addressing digital risks early can prevent physical harm. Social media activity, current events, and geopolitical developments can all contribute to exposing executives, their families, and others in an organization to risk. Doxxing – publicly exposing private information with malicious intent – is a rising threat in our digital-first world. For executives, this means sensitive details including home addresses or phone numbers could be weaponized, creating both reputational and physical security risks. Recognizing that bad actors often exploit publicly available personally identifiable information (PII) to target individuals, organizations must consider proactive digital footprint reduction. Reviewing and reducing an individual’s digital footprint regularly, while balancing appropriate executive visibility, can minimize the risk of exposure. This includes limiting the personal information they share, securing their social media accounts with strong passwords and multi-factor authentication, and regularly monitoring for potential risks.
By re-defining executive protection to include both digital and physical domains, and taking proactive steps to minimize executive exposure across all platforms, your organization can help ensure the safety of all executives and employees.
Insider threats will result in higher business losses than ever before
According to data from PwC, 57% of fraud is committed by company insiders or a combination of insiders and outsiders. Moreover, according to Cybersecurity Insiders’ 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year – a fivefold increase over 2023. Insider threats pose unique challenges for organizations, as they can emerge from trusted individuals with legitimate access to sensitive systems and data.
To help security, human resources, and legal teams identify potential insider threats, organizations should monitor three key categories of indicators: behavioral, technical, and organizational. Behavioral signs include unexplained changes in attitude, excessive secrecy, or unusual work hours. Technical indicators can involve irregular file downloads, unauthorized access attempts, or data movement to external devices. Organizational patterns – such as a lack of role clarity or unchecked administrative access – can also create vulnerabilities for exploitation.
By blending proactive monitoring with a culture of accountability, organizations can reduce the risks posed by insiders. Regular audits, clear access policies, and training on acceptable use ensure teams know what to look for while reinforcing trust and security.
Addressing employment fraud will be a higher priority for enterprises
In today’s remote-first world, employment fraud is a growing challenge for organizations of all sizes. According to Upwork, an estimated 32.6 million Americans will be working remotely in 2025, which equates to about 22% of the workforce. The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud. From nation-state actors infiltrating companies, to individuals outsourcing their roles to gig workers, employment fraud comes in many forms – and it’s more prevalent than ever.
In fact, in our work, we uncovered numerous examples of North Korean applicants using fraudulent identities to secure jobs in the U.S. Just this past December, the U.S. indicted 14 North Korean nationals for conspiracies to commit wire fraud, money laundering, and identity theft. These individuals worked for North Korean companies located in China and Russia, and conspired to use false or stolen identities to conceal their North Korean identities and locations from employers. This is just the latest example of North Korean nationals looking to infiltrate U.S. companies using fake identities, with the goal of skirting sanctions to earn money and/or gain access to systems and information for future nefarious purposes.
Because remote and hybrid working will continue to be a reality in the coming year, the threat of employment fraud will only grow in importance. Organizations – and their HR, legal, and security teams in particular – need to recognize the red flags of employment fraud in order to prevent it before it impacts operations or company reputation. These red flags include an employee having different skill sets than advertised on a resume, discrepancies in employee documentation, or a lack of connections or activities outside of work. In 2025, organizations should be on the lookout for additional red flags such as candidates who avoid being on camera, or who make suspicious address changes during onboarding. Strengthening your recruiting, hiring and onboarding processes will help protect your organization and ensure that your team is built on trust, authenticity, and shared purpose.
2025: The year of human risk
General awareness of human risk threats is growing. In the coming year, organizations will need to take the initiative to better understand what these threats entail, how exposed their organization is to them, what actions they should be taking, and how they can improve their programs to limit their risk. Understanding how closely the digital and physical aspects of human risk are intertwined is a solid place to start.
About Nisos®
Nisos is the Managed Intelligence Company. We are a trusted digital investigations partner, specializing in unmasking threats to protect people, organizations, and their digital ecosystems in the commercial and public sectors. Our open source intelligence services help security, intelligence, legal, and trust and safety teams make critical decisions, impose real world consequences, and increase adversary costs. For more information, visit: https://www.nisos.com.