Cybersecurity risks have inherently risen as remote and hybrid working environments have become the norm. U.S. cyber incidents led to at least $7 billion in potential losses in 2021 alone, according to the FBI.
The expanded attack surfaces are ideal for hackers and state-backed bad actors. However, human risk also grows. Surprisingly, younger generations, who tend to be more digitally savvy, having grown up in a tech-driven world, add more to the human risk factor than other workforce generations.
According to data from Ernst and Young, 83% of U.S. employees understand their employer's cybersecurity protocols, but Gen Z and millennial workers are least likely to prioritize or adhere to them. Workers say they are knowledgeable about cybersecurity protocols in the company, but younger generations tend to disregard mandatory IT updates for as long as possible, use the same password for their professional and personal accounts and accept web browser cookies on work-issued devices.
This is worrying because these two generations make up the majority of the workforce today, while older generations are entering or nearing retirement. Not taking cybersecurity protocols seriously only increases the human risk factor, which can result in a costly data breach.
"This research should be a wake-up call for security leaders, CEOs and boards because the vast majority of cyber incidents trace back to a single individual," said Tapan Shah, Ernst and Young Americas consulting cybersecurity leader.
Organizations need to take the necessary precautions to advise employees to be smarter and more proactive when it comes to cybersecurity. One step is to educate the workforce about how to live and operate safely in a digital world. Educate employees about more than security at work. Teach them safe cybersecurity practices for their personal lives and their families. Teach the role-based risks and the consequences and then give simple, immediately actionable guidance.
Another step organizations can take is to understand employees' workflows, identify the moments of highest human risk and create interruption points or behavior prompts. The goal of a behavior prompt or technical control interruption is to focus on an individual's actions at that moment so that they follow the proper procedure and minimize risk.
“Human risk must be at the top of the security agenda, with a focus on understanding employee behaviors and then building proactive cybersecurity systems and a culture that educates, engages and rewards everyone in the enterprise,” said Shah.
The bottom line is that the impact of cyber incidents can’t be overstated. They affect not only the businesses that suffer breaches, but their employees and customers as well. Cyber education combined with effective security technology is a must for every business today.
Edited by Erik Linask