Report: Companies Failing to Address Biggest Security Risk – Their Own Employees
June 6, 2016
Security professionals identified their own company’s employees as their biggest security threat, but most feel their organizations are not taking adequate steps to address the problem, according to recent research. The survey, conducted by Experian Data Breach Resolution and the Ponemon Institute found 55 percent of respondents said their company had experienced a “security incident” that originated with a negligent or malicious employee. Sixty percent of companies said their employees are not knowledgeable about how they contribute to their organization’s security and only 35 percent reported that senior management makes employee security awareness a priority.
“Among the many security issues facing companies today, the study emphasizes that the risk of a data breach caused by a simple employee mistake or act of negligence is driving many breaches. Unfortunately, companies continue to experience the consequences of employees either falling victim to cyberattacks or exposing information inadvertently,” said Michael Bruemmer, vice president for Experian Data Breach Resolution. “There are several steps that companies should take to better equip their employees with the tools they need to protect company data, including moving beyond simple employee education practices and shifting to a culture of security.”
The research also found that security training is mandatory for only 46 percent of companies polled. And, when a breach does occur, 60 percent of organizations do not make employees retake security training, “missing a key opportunity to emphasize security best practices.”