
Employee negligence is leaving firms wide open to cyber attacks

Businesses are leaving themselves wide open to cyber attacks due to a lack of understanding of how to mitigate employee negligence, according to a new whitepaper from QinetiQ.

The report identifies a clear disconnect between employee knowledge and their actions when it comes to cyber security, concluding that training alone is not sufficient to adequately change employee behaviour.

For example, recent government data reported that 90 per cent of large organisations suffered some sort of security breach in 2015 and 81 per cent of those companies stated that the actions of their employees aided the attacker in some way. This suggests that a more holistic approach to security is required, one that is designed to integrate people, processes and technology.

QinetiQ encourages businesses to recognise that there is no "silver bullet" for preventing cyber attacks and suggests that creating a company-wide security culture is the best way to affect employee behaviour.

Simon Bowyer, Senior Consultant of Human Performance at QinetiQ and co-author of the report, said: "To educate and influence the behaviour of employees is to restrict the easiest attack route into a business. When employees have a natural inclination towards security by virtue of an integrated company ethos, they are motivated to remain alert to risks and unusual behaviours.

"If firms are to stand a chance against cyber threats firms must design their security strategy taking into account human behaviour and propensity of employees to act in a security conscious fashion. Firms must work towards a vision, where employees recognise the importance of cyber security best practice and how even actions that we all take for granted, like checking a Facebook page at lunchtime, could provide cyber criminals with an avenue into a business.

"Cyber security is no longer the sole responsibility of the IT department. It is the responsibility of everyone. It needs to be closely integrated with the aims of the business and the entire employment lifecycle."
