EY 2024 Human Risk in Cybersecurity Survey: Key Findings and Insights

The EY 2024 Human Risk in Cybersecurity Survey is a comprehensive examination of how human factors affect organizational cybersecurity risk. According to the survey, employee habits, views, and practices affect corporate security. This article discusses the survey’s primary results and insights, giving a comprehensive understanding of human cybersecurity risk and concrete mitigation measures.

Understanding Human Cybersecurity Risk

Human risk in cybersecurity refers to deliberate or inadvertent human behaviors that create vulnerabilities and hazards. Employee actions such as falling for phishing schemes, using weak passwords, and mismanaging data typically cause these risks. According to the EY survey, a complete cybersecurity strategy must manage human risk. Understanding the sources of these hazards allows organizations to tailor their efforts to mitigate the impact.

According to the report, human risk is high in various regions, which highlights the need for staff awareness and training. Despite broad awareness of cybersecurity concerns, many employees lack the knowledge and ability to defend against them. This gap in understanding sometimes leads to poor cybersecurity practices such as clicking on questionable websites or not updating software.

Key Findings from the 2024 EY Human Risk in Cybersecurity Survey

Employee Awareness and Training

The survey found that staff awareness and training are crucial. Our analysis shows that many employees are unaware of fundamental recommended cybersecurity practices. This lack of awareness raises the risk of cyberattacks on staff. According to the report, companies should emphasize cybersecurity training for staff.

Phishing and Social Engineering

Phishing and social engineering are still viable cybercrime strategies. The survey shows that these attacks cause many security breaches. Employees often fail to spot sophisticated phishing attempts, resulting in stolen passwords and critical data breaches. The report suggests enhanced phishing simulations and ongoing employee training to reduce this risk.

Password Security

Our survey found weak password habits to be another major human risk. Many employees use guessable passwords or repeat them across accounts. This practice creates weaknesses attackers can use to access systems and data. The study stresses strong password rules and multi-factor authentication (MFA) to improve security.

Insider Threats

Insider threats, whether deliberate or inadvertent, represent a significant danger to enterprises. The survey shows that insiders, including workers and contractors, may do enormous damage if they misuse access credentials or leak critical information. To mitigate this risk, organizations should build strong access controls, perform frequent audits, and promote openness and responsibility.

Remote and Hybrid Workplaces

Remote and hybrid work arrangements have made human risk management harder. According to the survey, unsecured home networks and the use of personal devices for work make remote workers more vulnerable to cyberattacks. To address these issues, organizations’ cybersecurity plans must include secure remote access and cybersecurity best practices for remote workers.

Third-Party Risks

The report also highlights risks from third-party vendors and partners. External service providers might increase vulnerabilities for organizations. The report suggests undertaking extensive due diligence when selecting third-party providers and setting explicit security criteria to guarantee they meet the organization’s cybersecurity standards.

Incident Response and Recovery

Minimizing the impact of cyber events requires effective incident response and recovery strategies. The survey found that many firms lack incident response strategies, which leads to delayed and failed handling of security incidents. To increase resilience, firms should create and test incident response plans to ensure that all workers know their duties during a cyber incident.

Cybersecurity Human Risk Mitigation Advice

Key findings from the EY 2024 Human Risk in Cybersecurity Survey suggest numerous ways firms can reduce human risk:

Enhance Employee Training and Awareness

Companies should invest in comprehensive cybersecurity training that covers phishing awareness, password security, and secure remote working. These programs should be continuous and include practical activities to reinforce learning.

Implement Multi-Factor Authentication

Multi-factor authentication (MFA) requires multiple forms of verification before granting access to systems and data, adding a layer of security. Organizations should require MFA on all important systems to prevent unauthorized access.

Run Regular Phishing Simulations

Employees learn to spot and handle phishing attacks through simulations. By routinely running simulations, businesses can evaluate their training programs and identify areas for further instruction.

Require Strong, Unique Passwords

To improve security, organizations should mandate complex and unique passwords for each employee account. Password managers help create and maintain secure passwords.

Establish Strong Access Controls

Access controls should be designed to restrict workers to the information and systems their jobs require. Regular audits should find and fix unnecessary access rights.

Prepare and Test Incident Response Plans

Organizations should have detailed cybersecurity incident response plans. These plans should be tested often with tabletop exercises and simulations to assess their efficacy.

Promote a Cybersecurity Culture

Creating a cybersecurity culture requires organization-wide understanding and accountability. Leadership should stress cybersecurity and model best practices.

Secure Remote Workplaces

To handle the problems of remote work, organizations should offer secure remote access and train staff on safe remote work. VPNs and device security are examples.

Manage Third-Party Risks

When choosing third-party contractors, companies should do their research and include security criteria in contracts. Regular inspections and audits should verify that third-party partners meet the organization’s cybersecurity standards.

Conclusion

The EY 2024 Human Risk in Cybersecurity Survey sheds light on the human factors affecting cybersecurity risk in organizations. Companies can dramatically reduce human risk and improve cybersecurity by understanding the major findings and applying the recommended measures. As cyber threats advance, organizations must emphasize human risk management and promote cybersecurity knowledge and accountability.

FAQs

What is the 2024 Human Risk in Cybersecurity Survey?

The 2024 Human Risk in Cybersecurity Survey is a comprehensive study that examines the role of human factors in cybersecurity breaches and defenses. It aims to identify common behaviors, attitudes, and practices that either mitigate or exacerbate cybersecurity risks in organizations.

Who conducts the 2024 Human Risk in Cybersecurity Survey? 

The survey is typically conducted by a consortium of cybersecurity experts, research institutions, and industry organizations. It often involves collaboration with leading cybersecurity firms and academic researchers who specialize in human behavior and cybersecurity.

Why is the 2024 Human Risk in Cybersecurity Survey important? 

Understanding human risk factors is crucial for developing effective cybersecurity strategies. The survey provides valuable insights into how employees’ actions and attitudes impact cybersecurity, helping organizations tailor their training and policies to better protect against threats.

What types of organizations participate in the survey? 

A wide range of organizations participate in the survey, including businesses of all sizes, government agencies, non-profits, and educational institutions. The diversity of participants ensures a comprehensive understanding of human risk across different sectors.

How is the data for the survey collected? 

Data for the survey is collected through various methods, including online questionnaires, interviews, and focus groups. Participants are asked about their cybersecurity practices, awareness levels, and experiences with cybersecurity incidents.

What are some common human risk factors identified in the survey? 

Common human risk factors identified in the survey include poor password practices, lack of awareness about phishing attacks, insufficient training on cybersecurity policies, and complacency towards security protocols. These factors can significantly increase an organization’s vulnerability to cyber threats.

How can organizations use the findings from the survey? 

Organizations can use the survey findings to enhance their cybersecurity training programs, improve their security policies, and implement targeted awareness campaigns. The insights help organizations understand where their employees are most vulnerable and take proactive measures to address these risks.


ABOUT DIRECTOR
TechHuda
Waheed Saifi

As the owner of TechHuda Agency, I specialize in SEO, Web Development, and Digital Marketing, delivering comprehensive strategies to drive growth and enhance online engagement.
