The Impact of Human Error on Cyber Security

A recent OnePoll survey, conducted for email security firm Tessian, found that nearly half of employees (43%) made mistakes that directly resulted in cybersecurity repercussions for their company.

The survey of 1,000 workers in the UK also found that 1 in 5 companies had lost customers as a result of mistakenly sending an email to the wrong person, a common error that the majority of employees (58%) admitted to making, with 10% of these workers losing their job as a result.

Another common user error is clicking on links in malicious “phishing” emails, with 47% of employees admitting that they had done so.

When asked why these mistakes happen, employees named distraction most often: 47% of respondents cited it as the top reason for falling for a phishing scam, and 41% said it was the cause of sending an email to the wrong person.

Of special concern during current events, more than half (57%) of workers admitted they were more distracted when working from home, raising concerns that the sudden shift to remote working this year could open businesses up to even more risks caused by human error.

Other reasons for people clicking on phishing emails included the perceived legitimacy of the email (43%) and the fact that the emails appeared to have come from either a senior executive (41%) or a well-known and trusted brand (41%). Fatigue was another factor that drove 44% of employees to send an email to the wrong person.

With employees saying they make more mistakes at work when they are stressed (52%), tired (43%), and distracted (41%), this underlines the need for businesses to understand the impact that stress and workplace cultures have on human error and on cybersecurity.

What can you do about it?

Cyber Awareness Training, used alongside sensible cybersecurity measures such as antivirus, antispam, firewalls, and complex passwords, is the best way for businesses to combat security threats caused by human error.

To prevent simple mistakes from turning into serious security incidents, businesses should prioritise cybersecurity at the human layer and tailor awareness training and security policies to make safe cybersecurity practices resonate with their employees.

Simulated attacks, using templates that mimic official emails from brands that your employees are familiar with, ensure that your staff remain vigilant, and have been shown to reduce the occurrence of cybersecurity incidents by as much as 70%.

This reduces the exposure of your business to malicious actors and saves valuable time and resources better utilised elsewhere.

Want more advice? If you would like advice on IT for your small business or start-up, get in touch.


