The survey, while testing employee data privacy and cyber security knowledge, found that 88% lack the awareness to stop or prevent cyber threats.
MediaPro, and adaptive awareness company, surveyed 1,000 employees across the U.S. to establish the state of privacy and security awareness.
The report sought to identify employee knowledge trends across 8 risk domains, ranging from working remotely to identifying phishing attempts.
Employees were then assigned 3 risk profiles, which indicated an employee’s’ privacy and security awareness IQ.
These risk profiles are risk, novice, and hero, and are determined on whether an employee can identify the correct protocols to follow and behaviours to promote.
The more correct behaviours an employee can identify, the less of a privacy or security risk they represent.
16% of respondents scored low enough to warrant a “risk” profile.
These individuals put their organisations at serious risk of a privacy or security breach, which could cause loss of consumer trust and indeed, crippling fines.
72% of respondents achieved a novice profile, which means they had a basic knowledge of security and privacy standards.
These employees are still at risk of committing a security mistake that their business could come to rue.
Unsurprisingly, the lowest scoring percentile were the heroes. These only accounted for 12% of those employees surveyed.
The title indicates a strong knowledge of security and privacy best practices, and are likely well-prepared to deal with many cyber threats.
“The risk landscape for employees is constantly changing, and this survey illustrates that employees are having trouble keeping up,” said Tom Pendergast, MediaPro’s chief strategist, for security, privacy, and compliance.
Human error is the single biggest cause of cyber security incidents.
Indeed, a recent study from CompTIA found that human error accounts for more than 50% of security breaches.
Mark James, security at ESET questions whether organisations’ weakest link in security is in fact the user.
“This survey seems to point to that conclusion but the good news is they don’t have to be. With the right education, awareness and cooperation we could turn our staff and users into our strongest asset.”
Solving the problem
AI can mitigate human error in practice.
The future of data security lies in making sure that technology is able to detect the errors employees are guaranteed to make and alerting them to the fact before it’s too late, suggests Tony Pepper, CEO, Egress Software Technologies.
“It requires software that can collate big data based on user patterns and trends, and analyse this information to make sure the best possible decision is being made in any situation.”