A newly released report from security firm Tessian shows that 43% of workers have made cybersecurity mistakes that negatively impacted their organisation.
The Psychology of Human Error report surveyed 1,000 workers in both the UK and the United States at the height of the coronavirus outbreak in April. The study revealed how stress, distraction and workplace disruption can cause people to make more mistakes at work.
One in five companies (20%) have lost customers due to an email being mistakenly sent to the wrong person – an error that most employees (58%) admitted to making. A further 10% of workers said they had lost their job after sending an email to the wrong person.
Data revealed that people working in the tech industry were the most likely to click on links in phishing emails, with nearly half of respondents in this sector (47%) admitting they had done so.
Being distracted was found to be the most common reason why people made cybersecurity mistakes. Nearly half (47%) of respondents cited distraction as the top reason for falling prey to a phishing scam, while 41% said this was why they had sent an email to the wrong person.
Of the workers who responded, 57% said they are more distracted when working from home. The report's findings suggest that the sudden shift to remote working practices may have opened employees and businesses up to more risks caused by human error.
Jeff Hancock, a professor at Stanford University and expert in social dynamics, said that understanding how stress impacts employee behaviour is critical to improving cybersecurity practices.
“This year, people have had to deal with incredibly stressful situations and a lot of change. And when people are stressed, they tend to make mistakes or decisions they later regret,” he said.
“Sadly, hackers prey on this vulnerability. Businesses, therefore, need to educate employees on the ways a hacker might take advantage of their stress during these times, as well as the security incidents that can be caused by human error,” Hancock added.
Age and gender also play a key role in people’s cybersecurity behaviours, the report suggested. Employees aged 18-30 were five times more likely than workers over 51 to have made a mistake that compromised their company’s cybersecurity.
Men were also twice as likely as women to fall for phishing scams, with 34% of male respondents admitting they had clicked on a phishing scam. By contrast, just 17% of women said they had clicked on a phishing scam.
Tim Sadler, CEO and co-founder of Tessian, commented: “Cybersecurity training needs to reflect the fact that different demographics use technology and respond to threats in different ways and that a one-size-fits-all approach to training won’t work.
“It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100% of the time, especially during these uncertain times.”
Sadler added: “To prevent simple mistakes from turning into serious security incidents, businesses must prioritise cybersecurity at the human layer.
“This requires understanding individual employees’ behaviours and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate for each person.”
Hackers have been taking advantage of the coronavirus pandemic to target organisations and individuals with scams. Figures released by Action Fraud in June revealed that more than 16,000 consumers have fallen victim to online shopping and auction fraud since the onset of the pandemic, while cybersecurity experts found that hackers are using fear of the virus to target individuals with phishing scams.
Tessian’s report urges businesses to understand the impact stress and working cultures have on human error and cybersecurity, especially amid the uncertainty of the Covid-19 pandemic.