Staff members sending an email to the wrong person has been responsible for 1 in 3 businesses losing clients or customers in the past 12 months, according to new data.
Email security firm Tessian has released its latest report, which highlights the scale of the problem, with the figure rising from 20 percent in 2020 to 29 percent this year.
Not only has the issue been causing businesses to lose customers but, in some cases, mistakes by employees have forced companies to report incidents to regulators.
While 35 percent of respondents said that they had reported emailing errors and accidental data loss to their customers, the number of breaches reported to the U.K.'s Information Commissioner's Office (ICO) was 32 percent higher in the first nine months of 2021 than it was for the same period twelve months earlier.
IT departments not notified
Tessian’s research, contained in the latest edition of its ‘Psychology of Human Error’ paper, found that employees are now less likely to report mistakes to managers. One in five, or 21 percent of those questioned, said that they didn’t report security-based incidents, compared to 16 percent back in 2020.
The knock-on effect of employees feeling pressurised in the workplace and subsequently worried about disciplinary action has also meant IT departments and security teams are finding it harder to keep track of visible threats within their organisation.
It’s a situation Josh Yavor, Chief Information Security Officer at Tessian, thinks could be defused if businesses try to encourage employees to admit mistakes, without shame, despite the ever-present fear of repercussions.
“Rewards are far more effective than punishment. If employees feel uncomfortable in reporting security mistakes, security teams will never have full visibility into these threats,” he says.
“So rather than scaring employees into compliance, encourage employees to engage with security by creating positive security experiences so that you can cement a partnership mindset between security teams and staff. Those positive incentives will help combat security nihilism and build strong security cultures.”