Seven in 10 employees lack the awareness to stop preventable cybersecurity incidents, according to the second-annual State of Privacy and Security Awareness Report.

For the second year in a row, the average survey respondent achieved a "Novice" score, showing the average survey respondent is dangerously close to one wrong decision or mistake leading to a security or privacy incident.

Last year'sState of Privacy and Security Awareness Report found that nearly nine in 10 employees lacked awareness to stop preventable cyberthreats. While 2017's report has shown improvement, the numbers still reflect the concerted effort needed to increase employee awareness.

"With overwhelming data supporting the fact that employees are the weakest link in privacy and security, companies can't rely on haphazard, annual training to solve the problem," said Steve Conrad, MediaPro's founder and managing director. "Instead, they've got to look to make continuous improvements in cybersecurity knowledge and behavior. We're pleased to see a general improvement in security and privacy awareness this year, but we have our work cut out for us moving forward."

According to the report:

  • Nearly 20 percent of respondents scored low enough to warrant a "Risk" profile, up from 16 percent in 2016, by exhibiting behaviors that put their organizations at serious risk for a privacy or security incident
  • 30 percent of respondents were given a "Hero" profile, up from 19 percent in 2016. This is encouraging, as it indicates an improved knowledge of security and privacy best practices
  • 19 percent of respondents chose to take risky actions related to working remotely, such as connecting their work computer to an unsecured public Wi-Fi hotspot
  • 12 percent of respondents failed to recognize common signs of malware when presented with real-life examples, such as a sluggish computer or anti-virus software unexpectedly switching off
  • 24 percent of employees surveyed took potentially risky actions when presented with scenarios related to organizational physical security, such as letting strangers in without identification
  • 20 percent of employees showed a lack of awareness related to safe social media posting, choosing risky actions such as posting on their personal social media accounts about a yet-to-be-released product of their employer