Legal help for data breach compensation claims

Are employees the biggest cybersecurity threat to businesses?

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Research tells us that the biggest threat to a company or organisation’s cybersecurity is its own employees.

Although cyber-attacks are usually initiated by third party actors with malicious intent, it can be the shortcomings of employees that allow systems to become vulnerable. On top of that, employees who fail to adhere to policies and procedures are normally responsible for data leaks. With many employees working remotely, or with the ability to log in to servers from home, risks are increasing all the time.

One global security strategist, Derek Manky, previously suggested that the threat level for cybersecurity is increasing:

“…every minute, we are seeing about half a million attack attempts that are happening in cyber space.”

There is a general consensus amongst the cybersecurity community that cyber-attacks and breaches are rising sharply and we can see evidence of this when hacks occur. The U.K. Government previously found that two-thirds of large businesses experienced a cyber-breach. The figure isn’t surprising in the digital era, as more data is being passed from different cloud systems, and more work is contracted out to third parties. There are millions of internet-connected devices across the world, which are all devices that could be potentially hacked.

By 2020, some experts predict the number of connected devices will grow to 20 billion.

Are employees the biggest threat?

Experts previously suggested that one of the biggest risks for a business is their own employees. A Kaspersky report indicated that data breaches caused by careless employees amounted to almost 60% of all breaches.

It’s thought that cyber-attackers can get easy access to data through employees who are careless or uninformed. This could be because the company doesn’t have adequate cybersecurity training for their employees, or just that employees don’t always take such things seriously. It’s not just employees who have to exercise due diligence, as it’s also the company’s responsibility to ensure that there are company policies and procedures that are conveyed clearly to employees in order to minimise cyber-hacks.

Threat from rouge employees

A poll undertaken in 2014 by the British Standards Institution (BSI) found that 37 per cent of respondents said the biggest cybersecurity threat was rogue employees. Risk management expert, Suzanne Fribbins, said that it doesn’t come as a surprise as employees are the one thing that can’’t be controlled. It’s not that employees are maliciously taking action that threatens cybersecurity, but it may just be that they do not understand the importance of it.

The ‘insider threat’ may come as a consequence of employees leaving documents lying around or perhaps not password-protecting a laptop,  or even taking work home. Of course, not all employees are honest and truthful; some employees may intentionally steal information, but this reportedly makes up a small percentage of the data breaches.

Can you claim if the breach is caused by an employee?

An employer can be vicariously liable for the actions of an employee, so the negligence of an employee will often fall on to the organisation. This allows people to claim against the organisation as opposed to an individual personally, who probably doesn’t have the insurance or finances to meet a claim.

Although not every scenario can be controlled by the employer, they are still the ones with the overall responsibility for the employee’s actions.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Editor on January 16, 2018
Posted in the following categories: Data and tagged with |


New ICO powers to fine organisations up to £17 million
Most U.K. citizens don’t trust organisations and businesses with their personal data
%d bloggers like this: