Shred-it’s 2018 State of the Industry Report has revealed that 30% of UK companies that suffered a data breach terminated an employee’s contract for related negligence.
1,000 small business owners, 1,000 C-suite executives of large organisations and 1,100 consumers/employees took part in the research, which revealed some interesting findings.
- 88% of C-suites and 49% of small businesses believe that employee negligence is one of the biggest information security risks to their organisation.
- 55% of large businesses that suffered a data breach blamed employee negligence.
- More than 80% of C-suites believe that there is an increased risk of a data breach when employees work off-site.
- 93% of large UK businesses provide some form of physical information security to their employees; just over 46% of smaller businesses do the same.
- 70% of C-suites but just 33% of small businesses train their employees on identifying fraudulent emails.
- 54% of C-suites and 30% of small businesses keep sensitive information out of sight when working in public places.
- Just 55% of C-suites and 27% of small businesses have provided training on the dangers of using public Wi-Fi.
Lack of awareness training
Although businesses are aware of the risks of employee negligence, the statistics above show that they are doing little about providing staff awareness training to mitigate the threats.
Neil Percy, Shred-it’s vice president of market development and integration EMEA, said:
“It might feel like rough justice for employees to be held to account when training is not comprehensive, but it reflects how difficult this process is, even for businesses with extensive resources. There may also be an assumption that some elements are common sense, but that potentially belies how easy it is to be duped by skilled phishers and hackers, or even to lose confidential info during the course of a busy day. Mindfulness is key and training helps.”
If your staff don’t take responsibility for their actions then your organisation opens itself up to greater risks than it needs to. Training, tools and thought-provoking activities can make your staff aware of the cyber risks they face every day, and suggest actions and procedures to minimise those risks.
Source: IT Governance