Employee Error Major Cyber Weakness

In a study conducted by Gallagher, it has been revealed that 60% of cyber attacks on UK businesses have been caused by employee error. In 14% of cases, customer data has been stolen by cyber criminals.

The study gave a clear insight into the devastation a cyber attack can cause, with 30% of those who took part in the survey revealing that their company’s system went down for four to five days, 33% said their systems were affected for three days.

Furthermore, 14% said the cyber attack or data breach impacted their business’ reputation, whilst 12% were hit financially.

Tom Draper, Head of Cyber at Gallagher, said:

“Virtually all businesses are at risk of a cyber attack, and as this research shows, it is often an employee mistake which causes the problem.

“Cyber criminals have become increasingly sophisticated with ways of trying to obtain access to data or a company’s system, and it’s hard to remove the risk of human error.

“However, by businesses taking a comprehensive, multi-layered approach to cyber security – including ensuring they have the appropriate insurance in place, establishing effective training programmes for employees and implementing technologies that secure the most sensitive data – they can save both money and resources in the long run, while also helping to mitigate the potential threat of attack.”

The most common cyber attacks incurred as a result of employee error were malware (39%), phishing (35%) and data breaches (28%).

Although cyber crime is a worry, of the 1,000 organisations that were surveyed by Gallagher’s, only 64% of them regularly reminded employees about the risk of cyber crime, even though 71% of them said employee error is a huge worry when it comes to cyber crime.

Although preventative measures are available, less than half of those surveyed (42%) said they had installed off-the-shelf preventative measures.

Empowering people to take responsibility of cyber security in your organisation, from the most senior to the most junior member of staff is a good way to embed a positive cyber culture.

Regularly reminding employees how to spot phishing attempts, what to do when you receive one, regularly changing passwords and creating complex ones which aren’t easy to guess can go a long way to bridging the gap.

Although it’s never 100% possible to eradicate employee error as an inlet for cyber crime, the more steps taken to educate and empower them can reduce the risk.