Why Employees Hide Cyber-Security Incidents

Why Employees Hide Cyber-Security Incidents

Why Employees Hide Cyber-Security IncidentsWhy Employees Hide Cyber-Security Incidents

Uninformed and careless employees are hiding security incidents from their company, but security policies that are not punitive and don’t foster fear can help.

Biggest Chink in Security ArmorBiggest Chink in Security Armor

52% of the businesses surveyed admitted that employees are their biggest weakness in IT security because workers’ careless actions put the company at risk.

Hiding Security IncidentsHiding Security Incidents

Employees hide security breaches at 40% of businesses, with larger companies most affected. Large companies (over 1000 employees): 45%.
SMBs (50 to 999 employees): 42%.
Very small businesses (49 or fewer employees): 29%

Uninformed or Careless EmployeesUninformed or Careless Employees

In addition to employees who hide incidents, 46% of IT security incidents are caused by uninformed or careless employees.

Human Factor Is EvergreenHuman Factor Is Evergreen

Although malware becomes more sophisticated daily, the human factor is evergreen and can pose an even greater danger.

Malicious StaffMalicious Staff

30% of the security events that took place during the past 12 months involved staff members working against their own employer.

What Businesses Fear Most About EmployeesWhat Businesses Fear Most About Employees

Sharing inappropriate data via mobile devices: 47%
Loss of mobile devices, exposing company data: 46%
Employees’ inappropriate use of IT resources: 44%

Employees, Viruses and MalwareEmployees, Viruses and Malware

Of those companies that experienced virus and malware incidents, 53% said careless and uninformed employees were the top contributing factors. 36% think phishing and social engineering contributed to the attack.

Employees and Targeted AttacksEmployees and Targeted Attacks

27% of the businesses surveyed were victims of targeted attacks—a 6% rise since last year. Of these, 28% believe phishing and social engineering contributed to the attack.

Employee Actions and Data LeaksEmployee Actions and Data Leaks

46% of respondents confirmed that security incidents resulted in their business’ data being leaked or exposed because of employee actions.

Types of Information LostTypes of Information Lost

28% of respondents have lost highly sensitive or confidential customer and employee information because of irresponsible workers, and 25% have lost payment information.

Concerns About BYOD PersistConcerns About BYOD Persist

33% of businesses worldwide are still concerned about BYOD, and 48% worry about employees inappropriately sharing company data via mobile devices.

Weak PoliciesWeak Policies

An IT security policy is not enough because 44% of employees don’t follow it, and only 26% of companies enforce it.

RecommendationsRecommendations

Train all employees to pay attention to cyber-threats and countermeasures.
Install security updates to ensure anti-malware protection is on.
Have workers make it a priority to manage their personal passwords.

Karen A. Frenkel
Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles