One in four employees lost their job after making a mistake that compromised their company’s security, according to new research from email security company Tessian.
The second edition of the report provides an updated look at the factors causing employees to make security mistakes at work, and the growing severity of consequences that follow them.
The report found that more people are falling for advanced and sophisticated attacks. In 2022, 52% of employees fell for phishing emails that impersonated a senior executive at the company — up from 41% in 2020 — and one-third were tricked by an SMS phishing (smishing) message. These data points validate some findings released in the annual FBI IC3 report last week, which found that phishing and Business Email Compromise scams are growing in sophistication and are far more pervasive than any other online threat.
Employees today face many distractions and stressors that weren’t an issue two years ago, including Zoom fatigue and burnout resulting from the always-on mentality that comes with remote work. Stanford University professor Jeff Hancock, who contributed to the report, points out that these factors can often overwhelm people’s cognitive loads and cause them to make mistakes or be more fallible to scams.
These mistakes result in more serious consequences. Tessian found that not only are the stakes higher, but businesses are becoming less forgiving of mistakes that turn into serious data breaches. Nearly a third of employees lost a client or customer after sending an email to the wrong person, one in four lost their job, and 35% had to report the incident to a customer, threatening coveted, trust-based relationships.
To counter these mistakes, business and IT leaders must forgo the expectation that employees will make the right decision 100% of the time.
Instead, they need to invest in intelligent technology solutions that understand human behaviors and help stop people’s mistakes before they turn into security incidents, and to create shame-free security cultures that encourage employees to admit their errors and ask questions. Rather than scaring employees into compliance, find ways for them to engage with security by creating positive experiences to cement a partnership mindset between security teams and staff.
For its report, Tessian surveyed 2,000 working professionals across the U.S. and U.K.
Read the full report by Tessian.