A Kaspersky study underscores the severity of intentional employee-driven cybersecurity breaches in the Asia Pacific region, revealing that 33% of cyber incidents over the last two years were attributed to employees intentionally violating security protocols. The study calls for a multi-departmental strategy to fortify cybersecurity culture, emphasizing the need for comprehensive control features and awareness initiatives.
27 November 2023 – In a recent study conducted by cybersecurity experts Kaspersky, it has been revealed that intentional violations of information security policies by employees within organizations pose a significant threat, parallel to external hacker attacks. The Asia Pacific (APAC) region has experienced 33% of cyber incidents over the past two years as a result of deliberate breaches by employees, underscoring the critical need for a comprehensive approach to cybersecurity.
The study, involving 234 respondents from the APAC region, shed light on the pervasive issue of intentional policy violations by both non-IT and IT employees. Senior IT security officers were found to contribute significantly to cyber incidents, causing 16% of breaches—4% higher than the global average. The study highlights common employee behaviors such as weak passwords, failure to update software, and visiting unsecured websites as key factors leading to cybersecurity breaches.
Kaspersky recommends a multi-departmental strategy to fortify enterprise cybersecurity culture, urging organizations to address the human-factor gap that cybercriminals exploit. The study advocates the use of cybersecurity products with comprehensive control features, emphasizing the importance of an integrated cybersecurity approach and meticulous data transfer management. Furthermore, the study stresses the significance of developing and enforcing security policies while fostering cybersecurity awareness among employees.
Notably, the study reveals that 26% of malicious actions were driven by employees seeking personal gain, with the financial services sector reporting 18% intentionally malicious information security policy violations.