Why Employees Hide Cyber-Security Incidents
Uninformed and careless employees are hiding security incidents from their company, but security policies that are not punitive and don’t foster fear can help.
52% of the businesses surveyed admitted that employees are their biggest weakness in IT security because workers’ careless actions put the company at risk.
Employees hide security breaches at 40% of businesses, with larger companies most affected.
Large companies (over 1000 employees): 45%
SMBs (50 to 999 employees): 42%
Very small businesses (49 or fewer employees): 29%
In addition to employees who hide incidents, 46% of IT security incidents are caused by uninformed or careless employees.
Although malware becomes more sophisticated daily, the human factor is evergreen and can pose an even greater danger.
30% of the security events that took place during the past 12 months involved staff members working against their own employer.
Sharing inappropriate data via mobile devices: 47%
Loss of mobile devices, exposing company data: 46%
Employees’ inappropriate use of IT resources: 44%
Of those companies that experienced virus and malware incidents, 53% said careless and uninformed employees were the top contributing factors. 36% think phishing and social engineering contributed to the attack.
27% of the businesses surveyed were victims of targeted attacks—a 6% rise since last year. Of these, 28% believe phishing and social engineering contributed to the attack.
46% of respondents confirmed that security incidents resulted in their business’ data being leaked or exposed because of employee actions.
28% of respondents have lost highly sensitive or confidential customer and employee information because of irresponsible workers, and 25% have lost payment information.
33% of businesses worldwide are still concerned about BYOD, and 48% worry about employees inappropriately sharing company data via mobile devices.
An IT security policy is not enough because 44% of employees don’t follow it, and only 26% of companies enforce it.
Train all employees to pay attention to cyber-threats and countermeasures.
Install security updates to ensure anti-malware protection is on.
Have workers make it a priority to manage their personal passwords.