One in four employees lose job after making cybersecurity mistakes
We all make mistakes from time to time, but a cybersecurity error could cost you your job according to a new report.
The study from email security company Tessian finds almost one in four respondents (21 percent) lost their job as a result of a security mistake that compromised their company’s security -- up from 12 percent in 2020.
The report also finds that 26 percent of respondents fell for a phishing email at work in the last 12 months. Two-fifths (40 percent) of employees have sent an email to the wrong person, with 29 percent saying their business lost a client or customer because of the error. In addition 36 percent of employees have made a mistake at work that compromised security and fewer are reporting their mistakes to IT.
When asked about the causes of mistakes half of employees say they have sent emails to the wrong person because they were under pressure to send the email quickly -- up from 34 percent reported by Tessian in its 2020 study. Over two-fifths of respondents cite distraction and fatigue as reasons for falling for phishing attacks.
"With the shift to hybrid work, people are contending with more distractions, frequent changes to working environments, and the very real issue of Zoom fatigue -- something they didn't face two years ago," says Jeff Hancock, a professor at Stanford University who contributed to the report. "When distracted and fatigued, people's cognitive loads become overwhelmed and that’s when mistakes happen. Businesses need to understand how factors like stress can impact people's cybersecurity behaviors and take steps to support employees so that they can work productively and securely."
On average, a US employee sends four emails to the wrong person every month, and organizations are taking tougher action in response to these mistakes that compromise data. Nearly a third of employees (29 percent) say their business lost a client or customer after sending an email to the wrong person -- up from the 20 percent in 2020.
"We know that the majority of security incidents begin with people's mistakes," says Josh Yavor, CISO at Tessian. "For IT and security teams to be successful, they need visibility into the human layer of an organization, so they can understand why mistakes are happening and proactively put measures in place to prevent them from turning into serious security incidents. This requires earning the trust of employees; and bullying employees into compliance won't work. Security leaders need to create a culture that builds trust and confidence among employees and improves security behaviors, by providing people with the support and information they need to make safe decisions at work."
The full report is available from the Tessian site.
Image credit: George Rudy / Shutterstock