The role of human error in cybersecurity: what the stats tell us

[Andrezj]

1. Almost half of US workers trust public wifi hotspots​

2. 14 percent of workers in the UK don’t lock their smartphones​

3. Half of workers share access to an employee-issued device with family and friends.​

4. Human error is a major cause of data breaches​

5. Misdelivery and misconfiguration are among the top causes of data breaches​

6. 58% of organizations report that employees ignore cybersecurity guidelines​

7. The pandemic appears to have had an impact on human error concerns​

8. A worrying amount of people are guilty of using weak passwords​

9. Password reuse is extremely common​

10. Password sharing is common too​

11. Only 45 percent would change their password after a breach​

12. Almost half of organizations use sticky notes to help manage passwords​

13. Human intelligence is the best weapon against phishing attacks​

14. Spending on cyber security awareness training is increasing dramatically​

Statistics and Facts: Human Error in Cybersecurity

Life would be a lot simpler if people didn't make mistakes. Find out what the facts tell us about the role of human error in cybersecurity.

www.comparitech.com

 

[Victor M]

Re: point # 6: 58% of organizations report that employees ignore cybersecurity guidelines

I think employees should be fined for not following cybersecurity guidelines if it results in a breach. Just charge them the cost of the incidence response effort. Money talks. And they will learn.

 

[Andrezj]

Re: point # 6: 58% of organizations report that employees ignore cybersecurity guidelines

I think employees should be fined for not following cybersecurity guidelines if it results in a breach. Just charge them the cost of the incidence response effort. Money talks. And they will learn.

in the eu employees are generally not liable - cannot be sued by employer - for ordinary negligence or incompetence, which includes ignorance or neglect in following cyber security rules
willfully violating cyber security is an entirely different matter and the employer can sue the employee
in uk an employer tried to sue their employee for being phished and social engineered to send $250,000 to criminals, though she claims ignorance of phishing as a defence

Security Un-Awareness: Company Suing Employee for $138,000 in BEC Losses

Business Email Compromise example: a company is suing a former employee who fell for a BEC scam. Could Security Awareness training (or a lack thereof) help decide the BEC lawsuit?

www.secureworld.io

however... employer can fire any employee for any type of cyber security ignorance, negligence, violation
in uk thousands of employees that did something that resulted in data breach were terminated

40% of businesses sacked staff due to breach of security during COVID-19

Nearly 40% of UK businesses have fired employees for breaching cyber security policies during the Covid-19 pandemic, according to Centrify.

securitybrief.com.au

 

[Stopspying]

8. A worrying amount of people are guilty of using weak passwords​

9. Password reuse is extremely common​

10. Password sharing is common too​

11. Only 45 percent would change their password after a breach​

12. Almost half of organizations use sticky notes to help manage passwords​

I can't decide whether these are safer practices than using LastPass, or not?!

Re: point # 6: 58% of organizations report that employees ignore cybersecurity guidelines

I think employees should be fined for not following cybersecurity guidelines if it results in a breach. Just charge them the cost of the incidence response effort. Money talks. And they will learn.

I get why you say this but as Andrezj explains employment laws in a number of countries prevent this occurring and the cost of the response efforts can be phenomenal. If an admin assistant gets spear-fished and the attack costs the $250,000 as in the example they give, that is way beyond their likely overdraft allowance/loan arrangement possibilities.