“Psychology of Human Error” Could Help Businesses Prevent Security Breaches

Several organizations are concerned about human errors that cause accidental exposure of a company’s critical data. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that nine in 10 (88%) data breach incidents are caused by employees’ mistakes. The study “Psychology of Human Error” highlighted that employees are unwilling to admit to their mistakes if organizations judge them severely.

Understanding the psychology behind human errors helps organizations to know how to prevent mistakes before they turn into data leaks. According to the study, nearly 50% of the employees stated that they are “very” or “pretty” certain they have made an error at work that could have led to security issues to their company.

Young v/s Old Employees

The study also revealed that younger employees are five times more likely to admit to errors, while 50% of employees aged between 18-30 years stated they have made mistakes compared to 10% of workers aged over 51.

“For older generations, self-presentation and respect in the workplace is hugely important. They may be more reluctant to admit they have made a mistake because they do not want to lose face. Businesses, therefore, need to deshame the reporting of mistakes,” Hancock said.

Young Employees are Easy to Phish

The study highlighted that one in four employees (25%) said they have clicked on a phishing email at work. Men are twice as likely as women to fall for phishing scams, with 34% of male respondents stating that they have clicked on a malicious link in a phishing email compared to 17% of women.

Surprisingly, older employees are less vulnerable to phishing scams. Only 8% of workers aged over 51 said they clicked on a phishing link. Around 32% of 31-40-year-old employees admitted the same. “The older generation have, in many ways, the potential tools and mindsets needed for detecting phishing attacks. They have more life experience, and they tend to have strong, close networks, which means they are good at detecting when something does not ‘feel’ quite right. But if you are less experienced with these kinds of attacks, they are going to be harder for you to spot,” Hancock added.

Other Findings include:

• Nearly 45% of respondents cited distraction as the top reason for falling for a phishing scam.
• 57% of remote workers admit they are more distracted when working from home.
• The top reasons for clicking on phishing emails are the perceived legitimacy of the email (43%) and the fact that it appeared to have come from either a senior executive (41%) or a well-known brand (40%).

“Your employees are focused on the job you hired them to do and when faced with to-do lists, distractions, and pressure to get things done quickly, cognitive loads become overwhelming and mistakes can happen,” the study report concluded.