Report: 88% of Employees Lack Awareness Needed to Prevent Common Cyber Incidents

On: October 26, 2016
88 percent of employees polled in a new MediaPro survey lack the privacy or security awareness to stop preventable cyber incidents.

The results of a new survey testing employee data privacy and cybersecurity knowledge reveal that 88 percent lack the awareness to stop preventable cyber incidents.

MediaPro surveyed more than 1,000 employees across the U.S. to quantify the current state of privacy and security awareness.

The 2016 State of Privacy and Security Awareness Report revealed employee knowledge trends across eight risk domains, ranging from working remotely to identifying phishing attempts, and assigned three risk profiles indicating employees’ privacy and security awareness IQ.

The three risk profiles are Risk, Novice, and Hero, and are based on the number of proper behaviors correctly identified. The more correct behaviors an employee can identify, the less of a privacy or security risk they represent.

Key findings include:

  • 16 percent of respondents scored low enough to warrant a “Risk” profile by exhibiting behaviors that put their organizations at serious risk for a privacy or security incident
  • 72 percent of respondents were given a “Novice” profile, meaning they understand the basics but are dangerously close to one wrong decision or mistake leading to a security or privacy incident
  • Only 12 percent of respondents were given a “Hero” profile, indicating a strong knowledge of security and privacy best practices, and are likely well-prepared to deal with many cyber threats.

Human Threat Vector

“This survey clearly shows the human threat vector is still largely unsecured, and most organizations don’t really know whether their employees have the necessary level of data protection awareness to avoid preventable incidents,” said Steve Conrad, MediaPro’s founder and managing director.

Find out your privacy and security awareness IQ with our 100% anonymous survey“We invite more organizations and their employees to take this free survey to give them a clearer picture of their human-based risk areas.”

Other notable findings from the report include (download the report infographic):

  • Nearly 40 percent of respondents chose to discard a potential password hint in an unsecure manner rather than disposing of it by secure means
  • 25 percent of respondents failed to recognize a sample phishing email with a questionable “From” address and attachment
  • More than 26 percent of respondents thought it was acceptable to use a personal USB drive to transfer work documents when working remotely

Adaptive Awareness

“The risk landscape for employees is constantly changing, and this survey illustrates that employees are having trouble keeping up,” said Tom Pendergast, MediaPro’s chief strategist, for security, privacy, and compliance.

“The clear solution is the implementation of an adaptive awareness program that is flexible enough to adjust not only to today’s threats, but the threats of tomorrow. Without an adaptive program, you’re going to have a hard time surviving, let alone thriving, in today’s tumultuous data protection landscape.”

A recent study from CompTIA found that human error accounts for more than 50 percent of security breaches. Enterprises face threats that compromise the security of critical information due to unintentionally risky behavior from employees with poor privacy and security hygiene. Left unchecked, these employees are putting their companies at serious risk of material loss due to a data breach or other cyber incident.

Survey Methodology

MediaPro surveyed more than 1,000 employees from varied industries and members of the general public from September 21, 2016 to October 16, 2016. Respondents were administered 11 behavior-based questions across eight domain areas including incident reporting, working remotely, access controls, identifying personal information, identifying malware warning signs, cloud computing, social media, and identifying phishing attempts, to assess their privacy and security risk profile.

Want to find out your privacy and security awareness IQ? Take the 100% anonymous survey now! 

Share this Article

Take Survey

Related Articles

Find out the results of our 2016 State of Privacy and Security Awareness Report with this infographic, and take the awareness survey yourself.
Infographic: 2016 State of Privacy and Security Awareness
Don't waste time and money on an awareness program that doesn't yield real results. Download our white paper for tips on improving your awareness program.
White Paper: 5 Strategies for Improving the Effectiveness of Your Awareness Program
The annual Verizon Data Breach Investigations Report serves up as many learning moments as it does troubling InfoSec statistics this year.
The More You Know: 5 Lessons from the 2016 Verizon Data Breach Report
The human threat posed to cybersecurity and data privacy shows no signs of ebbing. We've built an infographic to tell a part of this story.
Infographic: The Human Threat by the Numbers