Exploring The Current State of Employee Knowledge In Cybersecurity And Data Privacy

Seventy-five percent of professionals pose a moderate or severe risk to the corporate data of the companies they work for. According to MediaPRO’s third-annual State of Privacy and Security Awareness Report, workers in the financial sector are more likely to be a risk with 85 percent of survey respondents falling into one of the two risk categories.

MediaPRO surveyed more than 1,000 employees across the U.S. to quantify the state of privacy and security awareness in 2018. More people fell into the risk or novice category compared to 2017, despite continued exposure to reports of hacks and data loss.

“The overall results of this report revealed a trend we weren’t happy to see: employees performing worse across the board compared to the previous year,” said Tom Pendergast, Chief Security & Privacy Strategist at MediaPRO. “Rather than dwell on how much the average employee still has to learn, this report should be taken as a roadmap for a robust security and/or privacy awareness initiative — one that will ultimately lead to real behavior change.”

In an age where our society is increasingly digitally connected, cybersecurity and data privacy are significant, real-time threats. The news is filled with stories of cyberattacks, data leaks and ransomware that can cost companies an average of $7.91 million in the US. Yet according to historical data from MediaPRO’s report, the number of individuals who many put their organizations at serious risk for a privacy or security incident has nearly doubled since 2016.

The report is based on an annual survey that polls more than 1,000 U.S. workers a variety of questions based on real-world scenarios such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors correctly identified, survey takers were assigned to one of three risk profiles: Risk, Novice, and Hero.

“We live in an age where stories about cybersecurity are constantly swirling, which can actually create a sense of security fatigue,” Pendergast said. “But these levels of riskiness are alarming. It only takes one person to click on the wrong email that lets in the malware that lays on the server and exfiltrates your company’s data for 90 days before anybody notices. Without everybody being more vigilant, people and company data will continue to be at risk.” – Help Net Security