Employee negligence named as biggest cybersecurity risk to US businesses

New research from Shred-it’s 2018 State of the Industry Report has revealed that 84% of C-suites and 51% of small business owners have named employee negligence as one of the biggest information security risks to US businesses. Employee negligence was named as a top data breach concern. 

Key findings: 

      • 86% of C-suites and 60% of small business owners say that the risk of a data breach is higher when employees work remotely 
      • 96% of consumers named employee negligence as a contributing factor to data breaches 
      • 47% of C-suites and 42% of small business owners said that human error or accidental loss by an insider had caused a data breach 
      • Only 54% of C-suites and 26% of small business owners have provided training for their employees on the risks of using public Wi-Fi 
      • Small business owners are falling behind larger businesses when it comes to training staff on identifying fraudulent emails (28% compared to 71%) and on keeping sensitive information out of sight when working in a public place (28% compared to 81%) 

Monu Kalsi, vice president at Shred-it, said: 

The study’s findings clearly show that seemingly small habits can pose great security risk and add up to large financial, reputational and legal risks. For companies looking to better protect their data, smart information security begins with giving employees access to smart information security practices and training. Through consistent training and education, businesses of all sizes can take back ownership of information security and create a more security-minded work culture among their employees. 

Despite these findings, and the awareness of the negative impact that employee negligence is having on organizations, there seems to be little action being taken to train employees. 

With threats continually evolving in sophistication, staff need to be regularly trained on information security procedures so that they can react to potential attacks. Staff cannot be expected to be aware of the potential risks without receiving any training. 

What can you do? 

If your staff don’t take responsibility for their actions then your organization opens itself up to greater risks than it needs to. Training, tools, and thought-provoking activities can make your staff aware of the cyber risks they face every day, and suggest actions and procedures to minimize those risks. 

E-learning courses emphasize the importance of compliance and security, helping staff develop good habits and increase their knowledge. This hassle-free and cost-effective option is a flexible way of delivering training to large numbers of employees. 

A mix of training and awareness methods will help you reinforce your messages.