Nearly half (43 per cent) of employees have made mistakes resulting in cyber security repercussions for themselves or their company, according to new research.
A OnePoll survey of 1,000 workers in the UK during April for email security firm Tessian found that one in five companies have lost customers as a result of mistakenly sending an email to the wrong person – an error that the majority of employees (58 per cent) admitted to making.
A further 10 per cent of workers said they had lost their job after sending an email to the wrong person. A quarter of respondents admitted to clicking on a link in a phishing email at work.
Workers in the tech industry were the most likely to click on links in phishing emails, with nearly half of respondents in this sector (47 per cent) admitting they had done so.
When analysing why these mistakes happen, being distracted came out on top – 47 per cent of respondents cited distraction as the top reason for falling for a phishing scam, while 41 per cent said this was why they had sent an email to the wrong person.
More than half (57 per cent) of workers admitted they were more distracted when working from home, raising concerns that the sudden shift to remote working this year could open employees and businesses up to even more risks caused by human error.
Other reasons for people clicking on phishing emails included the perceived legitimacy of the email (43 per cent) and the fact that the emails appeared to have come from either a senior executive (41 per cent) or a well-known brand (41 per cent).
Fatigue was another factor, driving 44 per cent of employees to send an email to the wrong person.
With employees saying they make more mistakes at work when they are stressed (52 per cent), tired (43 per cent) and distracted (41 per cent), the report urged businesses to understand the impact stress and working cultures have on human error and cyber security.
Jeff Hancock, a professor at Stanford University and expert in social dynamics, commented: “Cyber security training needs to reflect the fact that different demographics use technology and respond to threats in different ways and that a one-size-fits-all approach to training won’t work.
“To prevent simple mistakes from turning into serious security incidents, businesses must prioritise cyber security at the human layer,” he continued. “This requires understanding individual employees’ behaviours and using that insight to tailor training and policies to make safe cyber security practices truly resonate for each person.”