31% of employees have made mistakes that could impact workplace cyber security, QBE research finds
Employee mistakes and poor security leaving businesses open to cyber-attacks
According to a recent survey, these ranged from falling victim to a phishing scam (5%), accidentally clicking a link or downloading something that resulted in malware being added to a work device (7%), losing or having a work device stolen (6% and 7%) to sharing passwords with colleagues (13%).
Fewer than half said their workplace has each of the following in place to mitigate potential cyber risks:
Cyber security training for employees (46%)
Multifactor authentication (MFA) to log on to work devices/systems (43%)
Phishing and cyber scam simulation exercises (29%)
The results suggest that companies should be looking into how they can educate employees to be more aware of risks and take necessary steps to mitigate them in order to have a more robust cyber security plan in place.
Erica Kofie, Head of Cyber Proposition for QBE Europe, said: “Your employees can be your weakest link when it comes to cyber security and it is important to have an education programme in place to remind them about the risks, how to spot suspicious activity and what to do (and not do). Sporadic phishing simulations are also recommended to highlight areas of your workforce you might need to spend more time educating about the risks.”
Businesses need to keep an eye on emerging risks
With the nature of cyber-attacks constantly evolving, businesses should make sure they are regularly reviewing cyber plans to keep up.
Phishing is one example where the techniques used by criminals are becoming increasingly sophisticated. 13% of employees surveyed said they would not feel confident in recognising a phishing scam.
In addition, with the rise in artificial intelligence, the majority of those surveyed (56%) said they believe AI will actually increase cyber risk rather than reduce it (12%).
According to Erica Kofie, businesses will need to look carefully at factors such as IT security, employee training and response plans, not only to be more resilient to cyber risks but also to improve their risk profile, which affects the level of coverage cyber insurers will offer and at what premium.
Erica continued: “It’s crucial for businesses to take stock of their cyber security, not only to address any gaps that might let criminals in, but also to ensure they can access full levels of insurance. As part of our ongoing dialogue with customers, we focus on ‘being ready’, and part of this includes sharing appropriate information on failed attacks, which protections worked, the vulnerabilities which have allowed cyber breaches to happen, and ways to improve security.”