Organisations are not doing enough to prevent employee-related security incidents

Despite organisations making huge investments in employee training and other efforts to reduce careless behaviour when handling sensitive and confidential information, security risks still persist, according to Ponemon Institute’s Managing Insider Risk through Training & Culture report, sponsored by Experian Data Breach Resolution.

The research, based on responses from more than 600 individuals at companies that currently have a privacy training and data protection programme in place, reveals that more than 55% of companies have experienced a security incident due to an employee’s negligent or malicious behaviour.

Negligent or malicious employee behaviour

The research shows that data breaches are the result of “a careless or negligent employee who exposes sensitive information or succumbs to a targeted phishing attack”. Moreover, the report explains that organisations understand that security risks involve specific behaviours that heighten the risk.

Security incidents caused by malware from an insecure website, targeted phishing attacks, and using unapproved Cloud or mobile applications to send sensitive information are the top concerns organisations are facing in avoiding a data breach caused by malicious or negligent employees.

IT Governance’s Phishing Staff Awareness Course can help organisations avoid data breaches caused by negligent or malicious employee behaviour by educating their employees on the risks of spoof emails, how phishing works and the tactics that cyber criminals employ.

Educate your employees with IT Governance’s Phishing Staff Awareness Course >

Employee security training

The study found that 60% of companies surveyed believe “that their employees are not knowledgeable or have no knowledge of the company’s security risks”. Furthermore, the research shows a lack of concern from senior management, which creates a gap between companies’ awareness of the issues caused by employee negligence and their actions.

Additionally, key findings show that the effectiveness of employee training programmes vary greatly, and many programmes are not extensive enough to drive significant changes in employee behaviour.

IT Governance’s Staff Awareness e-learning courses are accessible, effective, web-based courses that offer a hassle-free and cost-efficient training solution to avoid data breaches resulting from negligent or malicious employee behaviour.

Read more about IT Governance’s Staff Awareness e-learning courses >>


One Response

  1. Howard Smith 27th May 2016