- Enterprises need to leverage data-driven insights to identify at-risk individuals and deploy customised training and support frameworks that promote secure behaviours.
- Data shows that no single employee contributes more than 1 per cent of security alerts, indicating that the human risk problem cannot be resolved by simply disciplining or removing a few employees.
In today’s digital landscape, cybersecurity remains a paramount concern for organisations worldwide. While advanced technological defences are essential, emerging data underscores the critical role of human behaviour in safeguarding enterprise networks.
A report by Living Security, a human risk management platform, reveals a striking concentration of cyber risk among a small fraction of employees, illuminating the need for targeted interventions to mitigate human error effectively.
According to Living Security’s analysis of data from over 100 enterprises encompassing hundreds of millions of user events, approximately 10 per cent of employees are responsible for nearly 73 per cent of cybersecurity risks.
The disproportionate distribution highlights that a minority of individuals substantially amplify an organisation’s exposure to cyber threats.
Ashley Rose, CEO and Co-founder of Living Security, articulates this paradigm shift succinctly: “Cybersecurity is no longer just about technology, it’s about behaviour.”
The statement echoes the longstanding assertion by the World Economic Forum that human error accounts for an estimated 95 per cent of all cybersecurity incidents.
A promising outlook
The insights gleaned from Living Security’s report emphasise that the challenge extends beyond identifying risky individuals. Notably, the data shows that no single employee contributes more than 1 per cent of security alerts, indicating that the human risk problem cannot be resolved by simply disciplining or removing a few employees.
Instead, it demands comprehensive strategies that address behavioural patterns on an organisational scale.
Fortunately, the report also offers a promising outlook. Enterprises that implement “right interventions” — encompassing targeted education, risk assessment, and continuous training — can reduce the risky user population by half and shorten the duration of high-risk behaviours by 60 per cent.
This evidence advocates for a proactive, data-driven approach to human risk management, where tailored programs foster improved cybersecurity awareness and practices among employees who are disproportionately vulnerable to phishing and other attack vectors.
Ensure equitable security policies
A particularly noteworthy revelation challenges common perceptions about remote and part-time workers. Contrary to the stereotype that these groups pose greater security risks, the report finds that they are, in fact, less risky and more vigilant compared to their in-office counterparts.
Factors contributing to this reduced risk may include enforced policies such as mandatory multi-factor authentication (MFA) and compulsory training for contractors, which cultivate a culture of lawful vigilance. This challenges organisations to reconsider preconceived notions about the sources of risk and to ensure equitable security policies across all personnel categories.
Moreover, the report highlights a positive trend: approximately 80 per cent of employees contribute to reducing cyber risks rather than exacerbating them. The finding underscores the potential of empowering the broader workforce to act as active defenders in the cybersecurity ecosystem.
By nurturing an informed and engaged employee base, organisations can significantly enhance their overall security posture.