Are your employees liable for data breaches?

Cybersecurity firm advises firms on minimizing risks from uninformed, careless or irresponsible workers

Companies are beginning to recognize that their own employees, through human error, sheer carelessness or simple unawareness, can make businesses vulnerable to cyberattacks.

A survey among over 5,000 businesses worldwide by Kaspersky Lab and B2B International showed that 52% of businesses admit that employees are “their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.”

Businesses are worried about employees sharing inappropriate data via mobile services (47%), the physical loss of mobile devices exposing their company to risk (46%) and the use of inappropriate IT resources by employees (44%).

The study also showed that small businesses (with 1 to 49 employees) may be more at risk than companies with, say, a staff of more than 1,000. This is because small businesses likely give their employees greater flexibility in using business IT resources.

“Staff may make mistakes that put their company’s data or systems at risk – either because they are careless and accidentally slip up – or even because they do not have the required training to teach them how to behave appropriately and to protect the business they work for,” Kaspersky said.

Security events increased 11% in 2017, with as many as 49% of businesses worldwide reporting being attacked by viruses and malware this year, an 11% increase compared to 2016 results. Of those that experienced virus and malware incidents, 53% consider careless/uninformed employees to be a top contributing factor and over a third (36%) consider phishing/social engineering to have contributed to the threat.

For example, 46% have confirmed that those incidents have resulted in their business’s data being leaked or exposed because of employee actions. In addition, over one in four (28%) have lost highly sensitive or confidential customer/employee information as a result of irresponsible employees, while 25% have lost payment information.

Then again, not every instance arises from inadvertence; in the past 12 months, 30% of security events involved staff working against their own employers.

Moreover, employees don’t always take action when their company is hit by a security incident. In fact, in 40% of businesses around the world, employees hide an incident when it happens. But hiding an incident may have grave consequences – an unreported event can lead to an extensive breach of an entire infrastructure.

The hide-and-seek problem appears more challenging for large companies (45%) as compared to very small businesses (29%). Businesses should communicate such breaches not only to employees but also to top management and HR.

Finally, the Bring-Your-Own-Device trend, while it has some advantages, contributes greatly to increasing the vulnerability of companies to security threats.

To minimize the effects of these worrying figures, Kaspersky advises companies to put in place IT security policies – and make sure employees know and understand them.

Staff members should also be regularly trained to arrest lack of knowledge or carelessness.
