Exploring the current state of employee knowledge in cybersecurity and data privacy
Seventy-five percent of professionals pose a moderate or severe risk to the corporate data of the companies they work for. According to MediaPRO’s third-annual State of Privacy and Security Awareness Report, workers in the financial sector are more likely to be a risk with 85 percent of survey respondents falling into one of the two risk categories.
MediaPRO surveyed more than 1,000 employees across the U.S. to quantify the state of privacy and security awareness in 2018. More people fell into the risk or novice category compared to 2017, despite continued exposure to reports of hacks and data loss.
“The overall results of this report revealed a trend we weren’t happy to see: employees performing worse across the board compared to the previous year,” said Tom Pendergast, Chief Security & Privacy Strategist at MediaPRO. “Rather than dwell on how much the average employee still has to learn, this report should be taken as a roadmap for a robust security and/or privacy awareness initiative — one that will ultimately lead to real behavior change.”
In an age where our society is increasingly digitally connected, cybersecurity and data privacy are significant, real-time threats. The news is filled with stories of cyberattacks, data leaks and ransomware that can cost companies an average of $7.91 million in the US. Yet according to historical data from MediaPRO’s report, the number of individuals who may put their organizations at serious risk for a privacy or security incident has nearly doubled since 2016.
The report is based on an annual survey that asks more than 1,000 U.S. workers a variety of questions based on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors correctly identified, survey takers were assigned to one of three risk profiles: Risk, Novice, and Hero.
Additional notable findings from this year’s report include:
Employees this year performed worse than in 2017 across all eight threat vectors measured. Specifically, those surveyed did significantly worse in identifying malware warning signs, knowing how to spot a phishing email, and social media safety.
Employees in management roles or above showed riskier behaviors than entry- or mid-level employees. Seventy-seven percent of respondents in management showed a general lack of awareness, while 74 percent of those in subordinate positions scored the same.
Employees in the finance sector performed the worst of the seven industry segments analyzed, with 85 percent of finance workers showing some lack of cybersecurity and data privacy knowledge.
Fourteen percent of employees lacked the ability to correctly identify phishing emails. This is a notable increase over our 2017 survey, in which only 8 percent of employees showed risky behaviors when it came to phishing attempts.
Over a quarter of respondents would take risky actions around physical security. This number has jumped up 42 percent since 2016.
“We live in an age where stories about cybersecurity are constantly swirling, which can actually create a sense of security fatigue,” Pendergast said. “But these levels of riskiness are alarming. It only takes one person to click on the wrong email that lets in the malware that lays on the server and exfiltrates your company’s data for 90 days before anybody notices. Without everybody being more vigilant, people and company data will continue to be at risk.”