New researcher from the email security firm Tessian has revealed that almost half (43%) of employees in the US and UK have made mistakes at work that have resulted in cybersecurity repercussions for themselves or their company.
To compile its new The Psychology of Human Error report, the firm surveyed 2,000 professionals between the ages of 18 and 51 to find out more about why workers make mistakes and how they can be prevented before they end up turning into data breaches.
Of the employees surveyed, a quarter of them confessed to clicking on links in a phishing email at work. Tessian’s research also found that employees between 31 and 40 years of age were four times more likely than employees over age 51 to click on a phishing email. At the same time, male employees were twice as likely to do so than their female coworkers.
Distraction was the top reason for falling for a phishing scam according to 47 percent of the employees surveyed. This was closely followed by the fact that the email appeared to be legitimate (43%) with 41 percent saying the phishing email looked like it came from a senior executive or a well-known brand.
The report also found that 58 percent of employees had sent a work email to the wrong person with 17 percent of these emails going to the wrong external party.
Emailing the wrong person can have serious consequences for both an employee and their organization as the incident must be reported to regulators as well as customers. Of those surveyed, one fifth said their company had lost customers as a result of a misdirected email while one in 10 employees (12%) lost their jobs.
Fatigue was the main reason cited for misdirected emails at 43 percent followed by distraction at 41 percent. Distraction is now a more pressing concern as 57 percent of respondents admitted to being more distracted while working from home. Employees also revealed that they make more mistakes when stressed (52%), tired (43%) and working quickly (36%).
CEO and co-founder of Tessian, Tim Sadler provided further insight on the report’s findings in a press release, saying:
“Cybersecurity training needs to reflect the fact that different generations have grown up with technology in different ways. It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100% of the time. To prevent simple mistakes from turning into serious security incidents, businesses must prioritize cybersecurity at the human layer. This requires understanding individual employees behaviors and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate.”