Firms see human error as risk to cyber security

According to the 2016 Security Tracker Survey results, 41 per cent of responding C-suite executives and 47 per cent of responding small business owners recognize that employee lack of knowledge and human error concerning information security protocols are the biggest threats to their company in the future.

Despite this finding, Canadian businesses seem not to be prioritizing employee training and auditing on company information security procedures and industry legal requirements. According to the study, 31 per cent of respondents among C-suite executives say they train employees more than once a year on their industry’s legal compliance requirements. Among small business owners, 39 per cent of respondents never train employees on their company’s information security procedures, 31 per cent only do it on an ad-hoc/as-needed basis and 47 per centonly audit their policies every few years or less.

“With little training on information security procedures, employees are forced to make the decision as to what is and what isn’t considered confidential. Should they make an error in judgment, the organization can unintentionally be exposed to serious information security issues and the potential for fraud,” says Andrew Lenardon, global director, Shred-it. “To mitigate this uncertainty and help employees understand their roles and responsibilities for data management, business leaders must conduct frequent training and test that training with audits of internal and external protocols.”

Approximately half of the respondents in the C-suite executives category (57 per cent) and less than half (43 per cent) of the respondents in the small business owners category have a protocol for storing and disposing of confidential paper data that is strictly adhered to by all employees, and a similar number have a protocol addressing electronic devices that is strictly adhered to by all employees.

“By failing to ensure employees understand and follow security policies, Canadian businesses are putting their organization and reputations at-risk by exposing valuable customer, employee and business data,” says Lenardon. “Regular training and auditing not only mitigates the risk of data breaches caused by human error or lack of knowledge of security practices, but also serves as a helpful reminder to employees to follow policies.”

The Security Tracker Survey was conducted by Ipsos in March 2016, reaching 1000 small business owners in Canada and 100 C-suite executives working for businesses in Canada with a minimum of 100 employees. The precision of Ipsos online surveys are calculated via a credibility interval. In this case, the Canada SBO sample is considered accurate to within +/- 3.5 percentage points had all small business owners been surveyed, and the Canada C-suite sample is accurate to within +/- 11.2 percentage points had all C-suites in been surveyed.

Download the current report here.