The study found that 99.7% are worried about cybersecurity incidents that occur as a result of insider actions. In particular, they were concerned about malware being installed by workers (73%), stolen or compromised credentials (66%), stolen data (65%) and abuse of administrative privileges (63%).
Most, however, did not think that these threats were as a result of malicious employees. Rather, they believed that incidents were likely to be because of hapless workers causing issues by accident.
The report stated: “Almost 9 in 10 security professionals (87%) don't think malicious employees are the greatest threat to their organisation. Only 13% indicated that they were most concerned about individuals who were intentionally trying to hurt the business by compromising security.”
To combat this, 95% said that they are involved in training their staff about how to use IT in a secure way. Unfortunately, this training did not seem to be effective.
“Most did agree that the training did have an impact, with 69% rating the training as ‘somewhat effective’, but only 10 percent felt that their efforts were ‘very effective’, far fewer than the 21 percent who rated their training as ‘not effective, but better than nothing’,” the report said.
Register for your FREE* Cyber Security Assessment today!