Staff still cyber security’s weakest link amid emerging risk concerns

Insurer QBE has warned business have to be on alert to a range of emerging cyber risks as its research found almost a third of employees (31%) have made mistakes that could impact the cyber security of their workplace.

The earning came as the survey found the mistakes ranged from falling victim to a phishing scam (5%), accidentally clicking a link or downloading something that resulted in malware being added to a work device (7%), losing or having a work device stolen (6% and 7%) to sharing passwords with colleagues (13%).

Concerningly less than half of those surveyed said their workplace has the following in place to mitigate potential cyber risks, including:

  • Cyber security training for employees in place (46%)
  • Multifactor authentication (MFA) to log on to work devices/systems (43%)
  • Phishing and cyber scam simulation exercises (29%)

QBE added the results suggest that companies should be looking into how they can educate employees to be more aware of risks and take necessary steps to mitigate them in order to have a more robust cyber security plan in place.

Erica Kofie, Head of Cyber Proposition for QBE Europe said: “Your employees can be your weakest link when it comes to cyber security and it is important to have an education programme in place to remind   them about the risks, how to spot suspicious activity and what to do (and not do). Sporadic phishing simulations are also recommended to highlight areas of your workforce you might need to spend more time educating about the risks.”

With the nature of cyber-attacks constantly evolving, businesses should make sure they are regularly reviewing cyber plans to keep up.

Phishing is one example where techniques by criminals are becoming increasingly sophisticated. 13% of employees surveyed said they would not feel confident in recognising a phishing scam.

In addition, with the rise in artificial intelligence, the majority of those surveyed (56%) said they believe AI will actually increase cyber risk rather than reduce it (12%).

Kofie said businesses will need to be aware of the emerging risks. She added that companies should be  looking at factors such as IT security, employee training and response plans to not only be more resilient to cyber risks, but also to improve their risk profile for, which affects the level of coverage cyber insurers will offer and at what premium.

“It’s crucial for businesses to take stock of their cyber security, not only to address any gaps that might let criminals in, but also to ensure they can access full levels of insurance,” Kofie continued. “As part of our ongoing dialogue with customers, we focus on ‘being ready’, and part of this includes sharing appropriate information on failed attacks, which protections worked, the vulnerabilities which have allowed cyber breaches to happen, and ways to improve security.”