43 percent of employees make mistakes that have cybersecurity implications
A report released today by email security firm Tessian reveals that 43 percent of US and UK employees have made mistakes resulting in cybersecurity repercussions for themselves or their company.
A quarter of employees confess to clicking on links in a phishing email at work. Distraction is cited as a top reason for falling for a phishing scam by 47 percent of employees, closely followed by the fact that the email 'looked legitimate' (43 percent), with 41 percent saying the phishing email looked like it came from a senior executive or a well-known brand.
Workers in the technology industry are the most likely to click on links in phishing emails, with nearly half of respondents in this sector (47 percent) admitting they had done so. This is closely followed by employees in banking and finance (45 percent).
Other errors include 58 percent of employees admitting to sending a work email to the wrong person, with 17 percent of those emails going to the wrong external party. This simple error can lead to serious consequences for both the individual and the company, who must report the incident to regulators as well as their customers. In fact, a fifth of respondents say their company had lost customers as a result of sending a misdirected email, while one in 10 employees (12 percent) lost their jobs.
Tim Sadler, CEO and co-founder of Tessian, says, "Cybersecurity training needs to reflect the fact that different generations have grown up with technology in different ways. It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100 percent of the time. To prevent simple mistakes from turning into serious security incidents, businesses must prioritize cybersecurity at the human layer. This requires understanding individual employees’ behaviors and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate."
Interestingly, there are significant age and gender differences. Men are twice as likely as women to click on phishing links. While 70 percent of employees who admitted to clicking a phishing email are aged between 18 and 40, only eight percent of those over 51 say they have done the same.
Half of employees aged 18-30 say they have made mistakes that compromised their company's cybersecurity, compared with just 10 percent of workers over 51. Some 65 percent of 18-30 year-olds say they have sent an email to the wrong person, compared with 34 percent of those over 51.
You can read more about the findings on the Tessian blog.