Not a Member? Get access to HR news and resources that you can trust.
HR professionals share their advice for minimizing worker stress and boosting retention.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Virtual SHRM-CP/SHRM-SCP Certification Prep Seminars kick off September 12 and fill up fast!
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
A new study reveals that companies believe malware and hacking are the top data security concerns, but actually their own employees’ actions are the largest cause of security breaches.
Human error accounts for 52 percent of the root causes of security breaches, according to a
study from CompTIA, the IT industry association. CompTIA’s Trends in Information Security study was conducted in January 2015 among 700 business executives and technology professionals at U.S. companies.
Asked about the top examples of human error, 42 percent of those surveyed cited “end user failure to follow policies and procedures,” another 42 percent cited “general carelessness,” 31 percent named “failure to get up to speed on new threats,” 29 percent named “lack of expertise with websites/applications,” and 26 percent cited “IT staff failure to follow policies and procedures.”
Notably, despite over half of respondents naming human error as the leading cause of security breaches, only 30 percent cited “human error among general staff” as a serious concern, and only 27 percent cited “human error among IT staff” as a serious concern.
Experts often say more employee training is needed to address the “human firewall” issue, however, according to the study, only 54 percent of those surveyed said that their company offers some form of cybersecurity training.
Of those, 71 percent indicated that training is done during new-hire orientation, 65 percent responded that training is ongoing, 50 percent said they use random security audits, 46 percent said security policies are physically posted, and 39 percent said an online course is offered.
There are certain technology solutions available that can help mitigate human error. Data loss prevention tools are currently in use by 58 percent of companies, according to the survey, identity and access management solutions are being used by 57 percent of respondents, and security information and event management technology is being employed by 49 percent.
Only half of the companies surveyed believe they have a comprehensive security policy in place, whereas the other half indicated that their company does not currently have a security policy, or that the organization is still working on one.
Just over half of the companies surveyed (52 percent) said greater interconnectivity such as cloud computing and mobile technology has created new security considerations and that legacy security systems and practices are often not sufficient.
Roy Maurer is an online editor/manager for SHRM.
Follow him @SHRMRoy
SHRM Online Safety & Security page
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies
[/_catalogs/masterpage/SHRMCore/Main.master][Title][SHRM Online - Society for Human Resource Management]