Seven in 10 employees lack the awareness to stop preventable cybersecurity incidents, according to the second-annual State of Privacy and Security Awareness Report, released this week by MediaPro.
For the second year in a row, the average survey respondent achieved a “Novice” score, which means the average respondent is dangerously close to a single wrong decision or mistake that leads to a security or privacy incident.
MediaPro, recognized by Gartner as a Leader in the Magic Quadrant for Security Awareness Training Vendors for the past three years, once again surveyed more than 1,000 employees across the U.S. to quantify the state of privacy and security awareness in 2017.
Respondents were asked a variety of questions based on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors correctly identified, survey takers were assigned to one of three risk profiles—Risk, Novice, and Hero.
Last year’s State of Privacy and Security Awareness Report found that nearly nine in 10 employees lacked awareness to stop preventable cyberthreats. While 2017’s report has shown improvement, the numbers still reflect the concerted effort needed to increase employee awareness.
“With overwhelming data supporting the fact that employees are the weakest link in privacy and security, companies can’t rely on haphazard, annual training to solve the problem,” said Steve Conrad, MediaPro’s founder and managing director.
“Instead, they’ve got to look to make continuous improvements in cybersecurity knowledge and behavior. We’re pleased to see a general improvement in security and privacy awareness this year, but we have our work cut out for us moving forward.”
Notable findings from this year’s report include:
- Nearly 20 percent of respondents scored low enough to warrant a “Risk” profile, up from 16 percent in 2016, by exhibiting behaviors that put their organizations at serious risk for a privacy or security incident
- 30 percent of respondents were given a “Hero” profile, up from 19 percent in 2016. This is encouraging, as it indicates an improved knowledge of security and privacy best practices
- 19 percent of respondents chose to take risky actions related to working remotely, such as connecting their work computer to an unsecured public Wi-Fi hotspot
- 12 percent of respondents failed to recognize common signs of malware when presented with real-life examples, such as a sluggish computer or anti-virus software unexpectedly switching off
- 24 percent of employees surveyed took potentially risky actions when presented with scenarios related to organizational physical security, such as letting strangers in without identification
- 20 percent of employees showed a lack of awareness related to safe social media posting, choosing risky actions such as posting on their personal social media accounts about a yet-to-be-released product of their employer
“Building a culture of security and privacy awareness isn’t easy, but it’s no longer possible to ignore given the slew of security and privacy concerns across multiple industries,” said Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance.
“For those looking for a starting point for building a successful, comprehensive employee awareness program, I’d suggest our free eBook. It’s an incredible resource for enterprises large or small.”
MediaPro surveyed 1,012 employees from varied industries and members of the general public in early August 2017. Respondents were asked behavior-based questions across eight common cybersecurity and data privacy threat vectors, including incident reporting, working remotely, access controls, identifying personal information, identifying malware warning signs, cloud computing, social media, and identifying phishing attempts, to assess their privacy and security risk profile.