SGGPO 11/29/2023 12:41 PM

New research from Kaspersky shows that employees violating an organization's information security policies are just as dangerous as hacker attacks.

There should be specific security policies for employees to ensure information security.

In the past two years, 33% of cybersecurity incidents at businesses in Asia Pacific (APAC) were caused by employees deliberately violating security protocols. This figure is close to the damage caused by cyber data breaches, with 40% of cyber incidents caused by hacker attacks in the region. These figures tend to be higher when compared to the global average of 26% and 30%, respectively.

Kaspersky research revealed that, in addition to technical errors beyond human control, employee information security policy violations are also one of the most serious issues for businesses in the region.

In terms of individual employee behavior, the most common problem was employees intentionally engaging in behaviors that violated company policies and, conversely, doing things they were not asked to do. Research participants said that 35% of cybersecurity incidents were due to weak passwords and not changing passwords regularly, 10% higher than the global result of 25%.

In addition, 32% of APAC employees reported accessing unsecured websites leading to data breaches, while 25% reported that their business faced network issues because their colleagues failed to update software and applications when required by the system.

“It is alarming that there have been many data breaches and ransomware attacks in the region this year, yet many employees still deliberately violate basic information security policies. Kaspersky’s latest research proves that APAC data breaches are consistently higher than the global average, so a multi-departmental approach is an effective way to build a corporate security culture that addresses the human element that cybercriminals exploit,” said Adrian Hia, Managing Director of Asia Pacific at Kaspersky.