Employee accidents a growing cybersecurity threat

While companies have long been concerned about external bad actors breaching security, internal threats are gaining prominence.

This is according to a survey conducted by EisnerAmper's outsourced IT services practice during November 2022. It found that companies remain most concerned about external hackers causing a cybersecurity breach, with 75% saying the next attack will likely come from there. However, almost as many (71%) are concerned about their own workers, who aren't necessarily malicious in the same way but whose mistakes could imperil the firm all the same. Far fewer, just 23%, believe an employee would deliberately do anything to harm their systems.

Many are also not confident that their firms will be prepared when a breach does happen. The survey found somewhat muted faith in current safety measures, with the largest share (51%) saying they are only "somewhat prepared," while 39% feel "very prepared," 6% feel they are not at all prepared in their overall cyber defense strategies, and 4% are unsure. When asked about internal cyber defense, 57% are "somewhat confident," 37% are "very confident," and 6% are "not at all confident."

This lack of confidence, said the report, underscores a lack of training and education around cybersecurity matters. Only half (50%) said they are conducting cybersecurity training on a regular basis. A total of 44% held a training within the prior six months, while 25% held a training more than seven months ago, and an alarming 31% said they had never held a single training event.

"A decade ago, business leaders likely equated cybersecurity breaches with external hackers, but the new normal of virtual and hybrid work has exposed a wide array of new cybersecurity threats, many coming from the inside," said Rahul Mahna, partner and head of outsourced IT services at EisnerAmper, in a statement. "Businesses need to optimize their resources to ensure they are sparing no proactive measures. An important first step is training staff and refreshing that education at regular intervals. Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly. It's far more efficient to spend up front on education, state-of-the-art software and hardware and, most of all, reliable IT staff who feel a stake in the company's success."
