It will come as no surprise that people can be one of the biggest weaknesses in your cyber security.
Research from insurer QBE has found that 31% of employees have made mistakes that could impact the cyber security of their workplace. The types of attack are wide-ranging, from employees falling victim to a phishing scam, accidentally clicking a link or initiating a malware download, to sharing passwords with colleagues.
Then there’s the loss or theft of a laptop or smartphone. We tend to think of phishing as one of the primary weaknesses, but from the statistics below, maybe businesses should re-evaluate.
- 13% – Device loss or theft
- 13% – Sharing passwords
- 7% – Malware
- 5% – Phishing
Of those who responded to the survey, fewer than half stated that their workplace has the following in place to mitigate potential cyber risks:
- 46% – Cyber security training for employees
- 43% – Multifactor authentication (MFA)
- 29% – Phishing and cyber scam simulation exercises
In order to have a more robust cyber security plan in place, the results above suggest that businesses should be prioritising cyber security training. Effective education is vital as employees need to know not only how to spot a threat and what to do, but more importantly, what not to do. By incorporating regular phishing simulations, employers will also gain a vital understanding of where their weaknesses are and which team members require additional training.
Cyber is a constantly evolving risk and ongoing training will support employees as new technology, such as artificial intelligence, becomes part of the digital transformation landscape. Phishing techniques are becoming increasingly sophisticated and 13% of employees surveyed said they would not feel confident in recognising a phishing scam. The majority of those surveyed (56%) said they believe AI will increase cyber risk.
A holistic approach incorporating IT security, employee training and response plans is key not only to making businesses more resilient to cyber risks, but also to improving their risk profile. Understanding and reducing your risk profile is an important factor when it comes to cyber insurance, affecting the level of coverage cyber insurers will offer and at what premium, or even whether an insurer will want to quote at all.