Bored and distracted employees are the biggest cause of human error at work, and could therefore be a major data security risk, according to a new poll carried out at Infosecurity Europe.
Security vendor Centrify asked 165 attendees at the three-day event this week what they thought was the major reason behind employees making mistakes at work, in a bid to investigate why humans are prone to risky behavior.
The largest group (36%) pointed to boredom and distraction, although other popular answers included heavy workload (19%), poor management (11%) and failure to recognise data security responsibilities at work (8%).
Others claimed that excessive policies and compliance regulations (5%), social media (5%) and password sharing (4%) were major causes of human error in the workplace.
More than half (57%) said they thought businesses will eventually trust technology enough to replace employees as a way of avoiding human error at work.
However, three-quarters (74%) argued that it is the responsibility of the employee, rather than technology, to ensure that their company avoids a potential data breach.
“It’s interesting that the majority of security professionals we surveyed are confident that businesses will trust technology enough to replace people so that fewer mistakes are made at work, yet on the other hand firmly put the responsibility for data security in the hands of employees rather than technology,” comments Andy Heather, managing director of Centrify Emea.
“It seems that we as employees are both responsible and responsible—so, responsible for making mistakes and responsible for avoiding a potential data breach. It shows just how aware we need to be at work about what we do and how we behave when it comes to our work practices in general and our security practices in particular.”
The stakes couldn’t be higher for organizations, with heavy potential fines looming for non-compliance with the forthcoming GDPR.
A recent Centrify study claimed that the average firm suffers a 5% decline in its share price following a data breach.