Maintaining a strong cybersecurity posture requires buy-in from employees at all levels in an organization. However, 75% of employee don't have the basic knowledge or awareness they need to be able to avoid preventable cyber incidents, according to a new report from MediaPro.
The third annual report surveyed more than 1,000 employees around the US to see just how knowledgeable they were about cybersecurity and privacy. Unfortunately, employees in 2018 performed worse than last year, with three-quarters of respondents being given a Risk or Novice profile, which means they had exhibited some behaviors that put their company at risk of a cyberattack, the report said.
And the risks come with a hefty price tag. According to a MediaPro press release, cyberattacks cost US businesses an average of $7.91 million.
SEE: Security awareness and training policy (Tech Pro Research)
Financial sector employees presented the biggestworst risk to their organizations. Some 85% of employees in this industryies showed some lack of understanding of data security and privacy, the report mentioned.
Employees in management actually showed slightly more risk than subordinate employees, the report noted. Of the respondents, 77% in management roles showed a lack of awareness in privacy and security, while 74% of other employees showed the same.
Phishing emails are also getting more difficult for employees to identify. In the 2017 survey, 8% of employees struggled to identify these emails. In 2018, though, 14% of employees struggled in the same area. Additionally, only 58% of employees could identify a business email compromise (BEC), the report said.
Social media presents risk in a variety of ways outside of security. Some 26% of employees made bad choices with their social media, such as sharing unreleased product info.
There is a silver lining, though. Some 25% of employee respondents achieved a Hero profile for their knowledge of security and privacy issues, but the majority still have a long way to go.
The big takeaways for tech leaders:
- 75% of employees don't have the basic knowledge or awareness they need to be able to avoid preventable cyber incidents. — MediaPro, 2018
- Phishing emails are getting more difficult to identify, with 14% struggling in this area in 2018 vs 8% in 2017. — MediaPro, 2018
- A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
- IoT security: Follow these rules to protect your users from hackers, gadget makers told (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Cyber security: Your boss doesn't care and that's not OK anymore (ZDNet)
- Almost half of cyberattacks are directed at SMBs, here's how to stay safe (TechRepublic)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.