Lax Employee Cybersecurity Habits Pose Growing Danger to Businesses

Reading time: 4 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

Employees’ cybersecurity habits are bad and getting worse. New research illustrates a workforce less committed to security best practices, despite an increased focus on cybersecurity awareness in the workplace.

This years’ Market Pulse Survey by SailPoint Technologies reveals that 75% of employees reuse passwords across accounts, including work and personal, compared to 56% who admitted to doing so in 2014, when the first study in the series asked the question.

Just over half of survey respondents see their IT department as a source of inconvenience, leading to employees skirting IT policies. Around a third admitted they have deployed software without IT’s help, increasing risk for the organization. Worse still, 13% of staffers admitted they would not immediately notify IT if they got hacked, or thought they got hacked, and 49% would actually blame the IT department for a cyberattack if one occurred as a result of an employee being hacked.

Even more worryingly, around one in seven respondents would consider selling their workplace passwords to a third party – that’s roughly 15% of workers.

“While the goal of efficiency versus security with regards to passwords seems to always be at odds, the blatant disregard for security is most frightening,” the researchers said. “Throughout the years, the answer to our question of the potential sale of passwords has been fairly consistent with about one in seven stating they would sell their password. Yet again, 15% of this year’s respondents answered they would provide their password in exchange for monetary compensation, with a few accepting less than $100.”

A survey of more than 1,000 U.S. employees ages 18 – 65+ who have traveled with corporate devices in the past year found the majority place connectivity and efficiency above security. Ponemon Institute researchers in this instance found that the negligent actions of employees caused 64% of all insider threat incidents in the past year. At the same time, employers are doing little to mitigate these risks.

Research by Black Hat Europe indicates that the biggest danger to personal data is the collection and sale of personal information by enterprises and social media organizations that don’t properly protect privacy.

And a Ping Identity study of consumer sentiment and behavior in a post-breach era found that 78 percent of customers would stop engaging with a business (online, at the very least) if the brand suffered a breach. Some 36 percent would stop engaging on any medium and in any way.

60% of all attacks are carried out by insiders, and insider-caused breaches cost $5 million on average ($350,000 in costs for resources to investigate and correct an incident).