
Nearly half of employees have made a serious security mistake at work


New research from email security firm Tessian has revealed that almost half (43%) of employees in the US and UK have made mistakes at work that have resulted in cybersecurity repercussions for themselves or their company.

Tessian surveyed 2,000 professionals between the ages of 18 and 51 to find out more about why workers make mistakes and how they can be prevented before they end up turning into data breaches.

Of the employees surveyed, a quarter confessed to clicking on links in a phishing email at work. Tessian's research also found that employees between 31 and 40 years of age were four times more likely than employees over age 51 to click on a phishing email. At the same time, male employees were twice as likely to do so as their female coworkers.

Distraction was the top reason for falling for a phishing scam according to 47% of the employees surveyed. This was closely followed by the fact that the email appeared to be legitimate (43%) with 41% saying the phishing email looked like it came from a senior executive or a well-known brand.

Work mistakes

The report also found that 58% of employees had sent a work email to the wrong person, with 17% of these emails going to the wrong external party.

Emailing the wrong person can have serious consequences for both an employee and their organization as the incident must be reported to regulators as well as customers. Of those surveyed, one fifth said their company had lost customers as a result of a misdirected email while one in 10 employees (12%) lost their jobs.

Fatigue was the main reason cited for misdirected emails at 43% followed by distraction at 41%. Distraction is now a more pressing concern as 57% of respondents admitted to being more distracted while working from home. Employees also revealed that they make more mistakes when stressed (52%), tired (43%) and working quickly (36%).

“Cybersecurity training needs to reflect the fact that different generations have grown up with technology in different ways,” said Tessian CEO and co-founder Tim Sadler.

“It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100% of the time. To prevent simple mistakes from turning into serious security incidents, businesses must prioritize cybersecurity at the human layer. This requires understanding individual employees’ behaviors and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate.”