Employee mistakes are having a potentially dire impact on enterprise cybersecurity, with 43% of workers admitting to making an error that had a negative impact on corporate digital security.
This is according to The Psychology of Human Error, a report published today by email security company Tessian, which surveyed 2,000 employees in the US and the UK in April.
It found that not only were mistakes with potentially severe implications for enterprise cybersecurity commonplace, but that workplace disruption, distraction and stress were significant causes.
One in four said they had clicked a link in a phishing email at work, while 58% said they had accidentally sent an email to the wrong person. And while this may sound innocent enough, it can be a serious issue, with one in five companies reporting they had lost customers over mistaken emails.
Around half of employees reported making more mistakes when they were stressed, while being tired and being distracted affected 43% and 41% respectively.
This has been a particular concern amid lockdown, with 57% saying they were more distracted while working from home.
Employee mistakes, stress and the impact on cybersecurity: Actions required
The report highlights the importance of employee wellbeing in preventing mistakes and therefore improving enterprise cybersecurity – a topic that is arguably under-discussed in the industry yet of more relevance than ever.
“Understanding how stress impacts behaviour is critical to improving cybersecurity,” said Jeff Hancock, a professor at Stanford University and expert in social dynamics.
“This year, people have had to deal with incredibly stressful situations and a lot of change. And when people are stressed, they tend to make mistakes or decisions they later regret.
“Sadly, hackers prey on this vulnerability. Businesses, therefore, need to educate employees on the ways a hacker might take advantage of their stress during these times, as well as the security incidents that can be caused by human error.”
The report also highlights significant differences between employees of different ages and genders, which suggests that companies should take these into account when providing training and support to prevent mistakes and protect cybersecurity.
“For example, employees aged 18-30 were five times more likely than workers over 51 to have made a mistake that compromised their company’s cybersecurity,” said Hancock.
“Men were also twice as likely as women to fall for phishing scams, with 34% of men saying they’d clicked on a phishing scam versus 17% of women.”