July 16, 2018 By David Bisson 2 min read

Employee negligence continues to be a top information security risk for key figures in the enterprise, especially IT security professionals who rely on internal threat reports to do their jobs. This risk can take the form of genuine human error, a lack of security awareness or even deliberate attempts to steal corporate data for personal gain.

According to the 2018 State of the Industry report from document destruction company Shred-it, 96 percent of Americans said they view employee negligence as at least a minor cause of data breaches against U.S. companies. Some were even more convinced: Eighty-four percent of C-suites see it as one of their biggest information security risks — and 51 percent of small-business owners agree.

Reflecting this viewpoint, the majority of U.S. businesses revealed that they’re struggling to keep pace with modern workplace trends. In particular, 86 percent of C-suites, and 60 percent of small-business owners said they believe the risk of a data breach is higher when employees work remotely.

How can companies increase cyber awareness among nontechnical employees and better incentivize them to report potential security issues before they become full-blown incidents?

What Are the Consequences of Employee Negligence?

According to the Shred-it report, two main factors are driving up the level of concern over instances of workforce negligence, which includes accessing company systems over remote and unsecured networks or improperly disposing of sensitive data.

Employee carelessness is the first factor and has historically been one of the primary causes of data breaches. The IBM X-Force team uncovered as much in its 2018 Threat Intelligence Index, noting that negligent actions were behind two-thirds of total records compromised in 2017.

Employee negligence is the second factor and makes the job of IT security professionals more difficult. To adequately defend organizations against cyberthreats, security teams need employees to report any issues they come across. However, organizations don’t always encourage them to do so. According to a 2016 Ponemon report, 67 percent of respondents said their organizations don’t provide incentives for employees to report security issues proactively.

This lack of engagement can cause small issues to evolve into major security incidents. For example, 79 percent of respondents to a Keeper Security survey that suffered ransomware attacks said the threat entered their systems through phishing emails.

Employees can help identify phishing attacks — but without the knowledge or incentive to do so, many either fall for the scam or simply keep it to themselves. As a result, security teams must devote their resources and respond to these issues that could have been prevented in the first place.

How Companies Can Minimize the Effects of Human Error

Organizations can counter negligence among their workforce by integrating data protection measures, such as resiliency backup and other disaster recovery tools, into their business practices.

Companies should also continuously evaluate the effectiveness of their security strategies and ensure that internal protocols are keeping pace with the increasingly sophisticated threat landscape. These policies should include ongoing security awareness training for the entire company and provide employees with incentives to report potential threats.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today