75% of Employees Could Cost a Business $7.91 Million

Seventy-five percent of professionals pose a moderate or severe risk to their company’s data, says MediaPRO’s third-annual State of Privacy and Security Awareness Report, which also found that workers in the financial sector are more likely to be a risk with 85 percent of survey respondents falling into one of the two risk categories.

“The overall results of this report revealed a trend we weren’t happy to see: employees performing worse across the board compared to the previous year,” said Tom Pendergast, Chief Security & Privacy Strategist at MediaPRO. “Rather than dwell on how much the average employee still has to learn, this report should be taken as a roadmap for a robust security and/or privacy awareness initiative — one that will ultimately lead to real behavior change.”

The news is filled with reports of cyberattacks, data leaks and ransomware that can cost companies an average of $7.91 million in the U.S. Yet, according to historical data from MediaPRO’s report, the number of individuals who put their organizations at serious risk for a privacy or security incident has nearly doubled since 2016.

The report is based on an annual survey that polls U.S. workers on a variety of questions based on real-world scenarios such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors correctly identified, survey takers were assigned to one of three risk profiles: Risk, Novice, and Hero.

Additional findings from the report include:

Employees this year performed worse than in 2017 across all eight threat vectors measured. Specifically, those surveyed did significantly worse in identifying malware warning signs, knowing how to spot a phishing email, and social media safety.
Employees in management roles or above showed riskier behaviors than entry- or mid-level employees. Seventy-seven percent of respondents in management showed a general lack of awareness, while 74 percent of those in subordinate positions scored the same.
Employees in the finance sector performed the worst of the seven industry segments analyzed, with 85 percent of finance workers showing some lack of cybersecurity and data privacy knowledge.
Fourteen percent of employees lacked the ability to correctly identify phishing emails. This is a notable increase in respondents who showed risky behaviors when it came to phishing attempts from our 2017 survey, in which only 8 percent of employees struggled in this area.
More than a quarter of respondents would take risky actions around physical security. This number has increased from 19 percent in 2016 to 27 percent in 2018.

“We live in an age where stories about cybersecurity are constantly swirling, which can actually create a sense of security fatigue,” Pendergast said. “But these levels of riskiness are alarming. It only takes one person to click on the wrong email that lets in the malware that exfiltrates your company’s data. Without everybody being more vigilant, people and company data will continue to be at risk.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Employees don’t feel prepared to navigate an increasingly dangerous world, and they expect their employers to not only care about their personal safety, but to actively keep them safe.