Employees this year performed worse than in 2017 across all eight threat vectors measured. Specifically, those surveyed did significantly worse in identifying malware warning signs, knowing how to spot a phishing email, and social media safety.
Employees in management roles or above showed riskier behaviors than entry- or mid-level employees. Seventy-seven percent of respondents in management showed a general lack of awareness, compared with 74 percent of those in subordinate positions.
Employees in the finance sector performed the worst of the seven industry segments analyzed, with 85 percent of finance workers showing some lack of cybersecurity and data privacy knowledge.
Fourteen percent of employees lacked the ability to correctly identify phishing emails. This is a notable increase from our 2017 survey in respondents who showed risky behaviors when it came to phishing attempts; in that survey, only 8 percent of employees struggled in this area.
Over a quarter of respondents would take risky actions around physical security. This number has jumped up 42 percent since 2016.
“We live in an age where stories about cybersecurity are constantly swirling, which can actually create a sense of security fatigue,” Pendergast said. “But these levels of riskiness are alarming. It only takes one person to click on the wrong email that lets in the malware that lays on the server and exfiltrates your company’s data for 90 days before anybody notices. Without everybody being more vigilant, people and company data will continue to be at risk.”