Understanding employees’ motivations behind risky actions

2024-02-28 05:30

The findings from this year's report notably challenge the traditional belief that people take risky actions due to a lack of cybersecurity knowledge and that security awareness training alone can fully prevent unsafe behaviors.

The conundrum extends to security professionals' belief that most employees know they are responsible for protecting the organization, signaling a gap between the limitations of individual security technology and user education.

96% did so knowing the inherent risks involved, meaning that 68% of employees willingly undermined their organization's security.

The motivations behind risky actions are varied, with most employees citing convenience, the desire to save time, and a sense of urgency as their main reasons.

While 85% of surveyed security professionals said that most employees know they are responsible for security, 59% weren't sure or claimed they were not responsible.

Even though virtually all employees who took a risky action knew the inherent risks-a clear indication security training is working to drive employee awareness-, there are clear disparities between what security professionals and employees think is effective to encourage real behavior change.

News URL

https://www.helpnetsecurity.com/2024/02/28/employees-risky-actions/