Skip to main content
close search
site logo
Dive Brief

Training not enough to prevent employee-related cybersecurity risks

Published June 7, 2016
By
Contributing Editor
CC0 Public Domain Free for commercial use No attribution required Pixabay

Dive Brief:

  • Experian Data Breach Resolution along with Ponemon Institute, a security research firm, surveyed over 600 people who worked for companies that offered data protection and privacy training programs. Their findings, published in the Managing Insider Risk through Training & Culture report, revealed that 66% believe employees pose the biggest risk, 60% think that employees have little to no knowledge of company security risks, and 55% said their organizations had at least one security breach due to an employee acting out of negligence or malice.

  • Thor Olavsrud, senior writer for CIO points out that organizations are not doing enough to effectively train employees on what they can do to reduce the risks associated with data in the workplace, how to report potential problems, and how to protect company data.

  • Only around half of the respondents from the Experian-Ponemon study agreed that their employee training programs actually helped to reduce noncompliant behaviors. 

Dive Insight:

70% of Corporate Security Officers lose sleep at night worrying that malware will be released on the company servers via an insecure website or a mobile device. 60% are worried that a user will have his or her access rights violated. 49% get nervous that someone will access company applications from an insecure public network. What’s surprising is that these statistics relate to internal security risks from employees, not some unknown hacker on the other side of the globe.

Michael Bruemmer, vice president of Experian Data Breach Resolution, told CIO that "among the many security issues facing companies today, our study emphasizes that the risk of a data breach caused by a simple employee mistake or act of negligence is driving many breaches."

While all the companies surveyed indicated that there was an employee training program in place to address data security matters, they were limited in that they did not create behavioral changes in employees. The best advice for companies is to develop stronger data security programs and policies to crack down on offenses. 

Recommended Reading

Filed Under: Learning

Editors' picks

Company Announcements

View all | Post a press release
Ignition Coaching Partners with ion Learning to Launch Breakthrough Solution to Employee Burno…
From ion Learning
October 24, 2024
Goodpath Launches Whole-Person Care Pathways for Diabetes and Weight Management
From Goodpath
October 23, 2024
myHR Partner is Recognized as a 2024 Power Partner Award Winner
From myHR Partner
October 22, 2024
CuraLinc Healthcare Announces Strategic Acquisition of Marquee Health
From CuraLinc Healthcare
October 29, 2024
Editors' picks
Latest in Learning
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell