Are employees the biggest cybersecurity threat to businesses?

Research tells us that the biggest threat to a company or organisation’s cybersecurity is its own employees.

Although cyber-attacks are usually initiated by third party actors with malicious intent, it can be the shortcomings of employees that allow systems to become vulnerable. On top of that, employees who fail to adhere to policies and procedures are normally responsible for data leaks. With many employees working remotely, or with the ability to log in to servers from home, risks are increasing all the time.

One global security strategist, Derek Manky, previously suggested that the threat level for cybersecurity is increasing:

“…every minute, we are seeing about half a million attack attempts that are happening in cyber space.”

There is a general consensus amongst the cybersecurity community that cyber-attacks and breaches are rising sharply and we can see evidence of this when hacks occur. The U.K. Government previously found that two-thirds of large businesses experienced a cyber-breach. The figure isn’t surprising in the digital era, as more data is being passed from different cloud systems, and more work is contracted out to third parties. There are millions of internet-connected devices across the world, which are all devices that could be potentially hacked.

By 2020, some experts predict the number of connected devices will grow to 20 billion.

Are employees the biggest threat?

Experts previously suggested that one of the biggest risks for a business is their own employees. A Kaspersky report indicated that data breaches caused by careless employees amounted to almost 60% of all breaches.

It’s thought that cyber-attackers can get easy access to data through employees who are careless or uninformed. This could be because the company doesn’t have adequate cybersecurity training for their employees, or just that employees don’t always take such things seriously. It’s not just employees who have to exercise due diligence, as it’s also the company’s responsibility to ensure that there are company policies and procedures that are conveyed clearly to employees in order to minimise cyber-hacks.

Threat from rouge employees

A poll undertaken in 2014 by the British Standards Institution (BSI) found that 37 per cent of respondents said the biggest cybersecurity threat was rogue employees. Risk management expert, Suzanne Fribbins, said that it doesn’t come as a surprise as employees are the one thing that can’’t be controlled. It’s not that employees are maliciously taking action that threatens cybersecurity, but it may just be that they do not understand the importance of it.

The ‘insider threat’ may come as a consequence of employees leaving documents lying around or perhaps not password-protecting a laptop,  or even taking work home. Of course, not all employees are honest and truthful; some employees may intentionally steal information, but this reportedly makes up a small percentage of the data breaches.

Can you claim if the breach is caused by an employee?

An employer can be vicariously liable for the actions of an employee, so the negligence of an employee will often fall on to the organisation. This allows people to claim against the organisation as opposed to an individual personally, who probably doesn’t have the insurance or finances to meet a claim.

Although not every scenario can be controlled by the employer, they are still the ones with the overall responsibility for the employee’s actions.

Most U.K. citizens don’t trust organisations and businesses with their personal data

New ICO powers to fine organisations up to £17 million