88% of employees lack awareness to stop privacy or security incidents
The results of a new survey testing employee data privacy and cybersecurity knowledge reveal that 88 percent lack the awareness to stop preventable cyber incidents.
MediaPro surveyed 1,000 employees across the U.S. to quantify the current state of privacy and security awareness. The survey revealed employee knowledge trends across eight risk domains, ranging from working remotely to identifying phishing attempts, and assigned respondents one of three risk profiles indicating their privacy and security awareness IQ.
These risk profiles are Risk, Novice, and Hero, and are based on the number of proper behaviors correctly identified. The more correct behaviors an employee can identify, the less of a privacy or security risk they represent.
- 16 percent of respondents scored low enough to warrant a “Risk” profile by exhibiting behaviors that put their organizations at serious risk for a privacy or security incident.
- 72 percent of respondents were given a “Novice” profile, meaning they understand the basics but are dangerously close to one wrong decision or mistake leading to a security or privacy incident.
- Only 12 percent of respondents were given a “Hero” profile, indicating that they have a strong knowledge of security and privacy best practices and are likely well prepared to deal with many cyber threats.
- Nearly 40 percent of respondents chose to discard a potential password hint in an unsecure manner rather than disposing of it by secure means.
- 25 percent of respondents failed to recognize a sample phishing email with a questionable “From” address and attachment.
- More than 26 percent of respondents thought it was acceptable to use a personal USB drive to transfer work documents when working remotely.
“The risk landscape for employees is constantly changing, and this survey illustrates that employees are having trouble keeping up,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance. “The clear solution is the implementation of an adaptive awareness program that is flexible enough to adjust not only to today’s threats, but the threats of tomorrow. Without an adaptive program, you’re going to have a hard time surviving, let alone thriving, in today’s tumultuous data protection landscape.”