One in four employees have lost their job in the last 12 months following a mistake that has compromised their company’s security (opens in new tab), according to data from email security company Tessian.
The data has been pulled from Tessian’s ‘Psychology of Human Error’ report, which explores the reasons why people make mistakes in the workplace.
Amongst the findings, the data also revealed just over one in four respondents, or 26 percent, got duped by a phishing email (opens in new tab) in the workplace over the course of the last 12 months.
Meanwhile, two-fifths, or 40 percent of employees had sent an email to the wrong recipient, with nearly one third or 29 percent confessing that their business had lost a client or customers as a result of the error.
Worryingly, over a third, or 36 percent of employees admitted to making a mistake in the workplace that had compromised company security. Less people are also reporting their mistakes to the IT department (opens in new tab).
Pressure in the workplace seems to be a common issue for employees with many citing the need to respond quickly being the cause of errors, increasing 34 percent compared to an earlier Tessian study conducted in 2020.
Two fifths of those surveyed also stated distraction and fatique as being other major factors leading to mistakes being made when it came to phishing attacks (opens in new tab). The figures suggest that the shift to hybrid working has produced an increase of fatique and distraction in the last twelve months.
Increased hybrid working
“With the shift to hybrid work, people are contending with more distractions, frequent changes to working environments, and the very real issue of Zoom fatigue - something they didn’t face two years ago,” said Jeff Hancock, a professor at Stanford University who contributed to the report.
Phishing attacks are getting more advanced too, leading to more people falling for them overall, even though the number only increased by 1 percent year-on-year. However, the convincing nature of phishing attacks is catching many employees out, with over half stating that they’d been duped by a phishing email because it impersonated a senior executive at their company.
One third of employees were also exposed to SMS or smishing attacks in the last 12 months, compared to 26 percent who'd fallen for email-based phishing scams. Interestingly, one-third of respondents aged over 55 said they had complied with requests in a smishing scam, compared to 24% of 18-to 24-year-olds.
The data has highlighted how commonplace making mistakes is. According to the research, a US employee sends four emails to the wrong person every month.
Tessian’s figures are echoed by the number of breaches reported to the Information Commissioner’s Office, caused by data being sent to the wrong person via email. Numbers were 32% higher in the first nine months of 2021 than the same period in 2020.
As a result, companies are being forced to take tougher action. One in four respondents (21 percent) also lost their job because of their mistake, versus 12 percent in July 2020.
Josh Yavor, CISO at Tessian, said, “We know that the majority of security incidents begin with people’s mistakes. For IT and security teams to be successful, they need visibility into the human layer of an organization, so they can understand why mistakes are happening and proactively put measures in place to prevent them from turning into serious security incidents.
The study dates back to January 2021, and surveyed 2,000 workers: 1,000 in the US and 1,000 in the UK, ranging in age from 18-51+ and from various departments and industries.