Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

Study Says Organizations Not Doing Enough to Prevent Employee-Caused Security Incidents

May 23, 2016

While employee-related security risks are the number-one concern for security professionals, organizations are not taking adequate steps to prevent negligent employee behavior.

The study, Managing Insider Risk Through Training & Culture, from Experian Data Breach Resolution and the Ponemon Institute, asked more than 600 individuals at companies that currently have a data protection and privacy training program to weigh in on the topic of negligent and malicious employee behaviors, as well as the consequences of poor security conduct and the effectiveness of training.

The study found that more than half (55 percent) of companies surveyed have already experienced a security incident due to a malicious or negligent employee. However, despite investment in employee training and other efforts to reduce careless behavior in the handling of sensitive and confidential information, the majority of companies do not believe that their employees are knowledgeable about the company's security risks.

"Among the many security issues facing companies today, the study emphasizes that the risk of a data breach caused by a simple employee mistake or act of negligence is driving many breaches. Unfortunately, companies continue to experience the consequences of employees either falling victim to cyberattacks or exposing information inadvertently," said Michael Bruemmer, vice president, Experian Data Breach Resolution. "There are several steps that companies should take to better equip their employees with the tools they need to protect company data, including moving beyond simple employee education practices and shifting to a culture of security."

According to the survey, only 46 percent of surveyed companies make training mandatory for all employees. When companies experience a data breach, they have a unique opportunity to re-engage employees around protecting company data. Unfortunately, 60 percent of companies do not require employees to retake security training courses following a data breach, missing a key opportunity to emphasize security best practices.

The effectiveness of training programs varies greatly, and many are not extensive enough to drive significant behavioral change. Only half of companies agree or strongly agree that current employee education programs actually reduce noncompliant behaviors.

These critical areas are covered in less than half of basic programs: 

• Phishing and social engineering attacks (49 percent)
•Mobile device security (38 percent)
•Using cloud services safely (29 percent)

The study also found that companies are not currently implementing a number of simple incentives that could encourage positive security behaviors. Of the companies surveyed, 67 percent provide no incentives to employees for being proactive in protecting sensitive information or reporting potential issues. Among those that do provide incentives, only 19 percent provide a financial reward and only 29 percent mention security in performance reviews. Furthermore, the study found that one-third of companies have no consequences if an employee is found to be negligent or responsible for causing a data breach.

http://www.prnewswire.com/news-releases/experian-data-breach-resolution-and-ponemon-institute-study-reveals-organizations-are-not-doing-enough-to-prevent-employee-caused-security-incidents-300272524.html#continue-jump
 

KEYWORDS: cyber security security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • cost-enews

    The High Cost of Not Doing Enough to Prevent Cyber Attacks

    See More
  • Airport at Sunset

    Companies Aren't Doing Enough to Manage the Risks of Extended Business Travelers

    See More
  • Boston's Big Sniff: Are We Doing Enough to Combat Chem-Bio Weapons?

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • The Complete Guide to Physical Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing