"Employee Policy Violations Cause 26% of Cyber Incidents"
According to security researchers at Kaspersky, a substantial 26% of cyber incidents in businesses over the last two years were the result of intentional security protocol violations by employees. This figure closely rivals the 20% attributed to external hacking attempts. The researchers found that intentional policy violations by both IT and non-IT staff played a significant role in cyber incidents. Notably, IT security officers, other IT professionals, and non-IT colleagues were identified as sources of breaches, contributing to 13%, 12%, and 4% of incidents, respectively. Examining individual employee behavior, the researchers found that 22% of incidents resulted from employees deliberately using weak passwords or failing to change them promptly. Additionally, 18% were linked to staff visiting unsecured websites, while 25% occurred due to neglecting system software or application updates. The researchers noted that unsolicited services or devices were significant contributors to intentional policy violations, with 14% of companies experiencing incidents due to unauthorized systems for data sharing. Particularly concerning was the finding that 20% of malicious actions were committed by employees for personal gain, with the financial services sector notably reporting 34% of such incidents.
Infosecurity reports: "Employee Policy Violations Cause 26% of Cyber Incidents"