Older employees are more likely to follow company cybersecurity policies than younger ones, according to an ObserveIT report.
While employees understand the concept of insider threats, the business security risk posed by accidental or negligent behavior continues to mount, according to a new report from ObserveIT.
Of the 1,000-plus full-time employees from organizations with more than 500 workers, 64% agreed that careless employees or contractors were the most common cause of insider threats. This directly corresponds with a recent Ponemon Institute report, which found negligent insider actions caused 64% of all insider threat incidents in the past year.
The risk posed by insider threats grows greater each year, the Ponemon Institute report found: Since 2016, the average number of incidents involving employee or contractor negligence increased by 25%, and the cost to contain an incident in North America rose to $11.01 million.
SEE: Intrusion detection policy (Tech Pro Research)
However, insider threats vary depending on which generation the employee belongs to, ObserveIT found.
Generation X and Baby Boomers were the least risky generations within the workplace, as 90% of 45-54 year olds and 55-64 year olds said that they follow their company’s cybersecurity policy, according to the report.
Meanwhile, Generation Z posed the highest cybersecurity risk to organizations, as 34% of the 18-24 year olds said that they don’t know or understand what is included in their company’s cybersecurity policy. This group was also the most likely generation to reportedly not follow their company’s security policies, even when they do understand it.
While employees overall claim to understand insider threats and adhere to cybersecurity policies, the fact that these incidents continue to rise indicates that organizations may be lulled into a false sense of security, the report noted. A lack of consistent understanding around the risks posed by insider threats can introduce accidental or negligent behavior into the workplace, costing organizations more money and resources.
“While the threat of the insider continues to grow, this research proves that when it comes to cybersecurity awareness and insider threat prevention, organizations need to take a holistic approach to cybersecurity and focus on people first, then processes and technology,” ObserveIT CEO Mike McKee said in a press release. “With a new generation entering the workforce, organizations should increase security awareness training for new hires and implement processes and technology to ensure both employees and contractors with access to systems and data understand and adhere to the company cybersecurity policy to prevent insider threats.”
