In the past two years, more than a third (37 per cent) of all cyber security incidents in German companies were due to employee misconduct; only around 27 per cent were attributed to hackers. Negligence was a frequent cause, and 30 per cent of incidents were triggered by employees falling for phishing attacks. 15 per cent of the breaches were committed deliberately by IT specialists, and eight per cent even by IT security officers. These are the findings of a recent Kaspersky survey.

Companies face a range of security risks, and their own employees are more often responsible for security incidents than hackers. Among German companies that experienced security incidents in the past two years, 37 per cent of incidents were due to human error and 30 per cent to breaches of security policies; hackers accounted for only 27 per cent.

Cybersecurity rules are often disregarded

The Kaspersky study shows that cyber security rules are also disregarded by IT employees, sometimes deliberately. 15 per cent of incidents in German companies were caused by deliberate policy breaches by IT specialists, and IT security officers were responsible for a further eight per cent; 11 per cent of deliberate breaches were committed by non-IT employees.

Almost one in three security incidents (30 per cent) resulted from employees falling for a phishing attack. Negligence was also a frequent factor: 19 per cent of incidents were due to system or application software not being updated on time, a further 17 per cent were caused by visiting insecure websites, and 11 per cent by using weak passwords or not changing them in time.

Frequent use of unauthorised devices

The frequent use of unauthorised devices and software (shadow IT) is also alarming. In more than one in five companies (21 per cent), incidents occurred because employees used unauthorised systems for data exchange, and in just as many companies sending data to private email addresses led to cyber security incidents. In 19 per cent of cases, employees used unauthorised devices to access data or ran unauthorised software on work devices.

Companies also have to contend with deliberate misconduct by employees. In 17 per cent of incidents at German companies, employees acted with malicious intent and for their own benefit. Worldwide, this behaviour is particularly widespread in the financial sector: more than one in three companies (34 per cent) experienced such deliberate and targeted security breaches by employees.

“In addition to external cyber security risks, many internal factors also lead to security incidents in companies,” states Alexey Vovk, Head of Information Security at Kaspersky. “As our analysis shows, employees from all departments and in all roles can have a negative impact on cyber security, whether intentionally or unintentionally. This emphasises the importance of taking measures to prevent breaches, for example by implementing an integrated approach to cyber security. Globally, a quarter of all cyber incidents are due to deliberate breaches of existing cyber security policies, while more than a third of incidents are due to human error. Organisations should therefore build a strong cybersecurity culture from the outset; cybersecurity policies must be defined and enforced and cybersecurity awareness must be embedded in the minds of employees. This will make employees more responsible in their use of the policies and aware of the potential consequences of breaches.”
