The biggest risk to a European company's cybersecurity is not, as often believed, external hackers and overseas-based virus attacks, but an organisation's own employees. Whether unintentional or deliberate, the actions of those within an organisation have been shown to be the biggest threat to the digital security of a company, according to new research by technology and telecommunications company Telstra.
A key finding of the Telstra Cyber Security Report 2019 is that 88 per cent of surveyed European organisations were impacted by unintentional human error in the past year, resulting in at least one incident of compromised security, integrity or availability of service.
The study, which surveyed close to 1,300 professionals across 13 countries, also revealed the frequency of these instances – 10 per cent of European companies reported experiencing weekly occurrences, 20 per cent reported monthly occurrences and 22 per cent said that it happened at quarterly intervals. Compounding this is the time it takes to detect an unintentional security incident – 27 per cent of those who were surveyed said it took days, on average, to identify such errors, while 15 per cent said it took weeks.
Perhaps even more concerning for European businesses is the number and frequency of malicious actions that are deliberately inflicted by employees. The study found that a fifth (20%) of companies surveyed experienced security incidents due to intentional employee actions on a monthly basis, and 22 per cent said it occurred every six months.
Robert Robinson, Security Practice Lead at Company85, a Telstra company, said that organisations are so focused on external threats that they can often forget about the threat posed by their own employees.
"While unintentional human error and malicious activity are not 'traditional' methods of attack, it is no surprise that these are some of the leading causes of business disruption. This is because so much investment goes towards preventing external threats, the risks posed by internal employees can often be underestimated.
"What organisations need to do is make sure that their cyber security investment is proportioned well enough to properly train, educate and review staff and internal processes to ensure human error and malicious threats can be minimised."
Other key findings from the data include:
46 per cent of European respondents surveyed indicated that the level of concern from customers on data privacy has increased over the past 12 months
83 per cent of European organisations surveyed spend up to 20 per cent of their overall IT budget on security
Human error is the biggest source of concern related to European organisations' security incidents (20%)
Half of European victims (50%) who experienced a ransomware attack paid the ransom
The Report also found that security breaches of all types are still extremely prevalent: 64 per cent of European organisations suffered at least one security breach in the past year that resulted in a confirmed disclosure.