Bored workers are your biggest security risk
Being overworked and excessive policies are other reasons employees slip up


Unengaged employees are causing a huge security risk for businesses according to Centrify, as they become bored and make mistakes.
The security company polled 165 employees at the Infosec conference, asking what IT leaders view as the biggest contributing factors to security slip-ups.
It revealed 35% of people think distraction and boredom are the main causes of human error, which could have detrimental effects on a company's security. Other big reasons employees make mistakes include being overworked (19%), excessive policies and need for compliance (5%) and social media (5%).
However, more than half of those asked about security in their organisation said they fully expect their business will, in future, trust technology more than humans, putting them in charge of security to make sure human error isn't responsible for data breaches.
"It's interesting that the majority of security professionals we surveyed are confident that businesses will trust technology enough to replace people so that fewer mistakes are made at work, yet on the other hand firmly put the responsibility for data security in the hands of employees rather than technology," said Andy Heather, VP and managing director for EMEA at Centrify.
"It seems that we as employees are both responsible and responsible so responsible for making mistakes and responsible for avoiding a potential data breach. It shows just how aware we need to be at work about what we do and how we behave when it comes to our work practices in general and our security practices in particular."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
PyPI attack: Targeting of repository 'shows no sign of stopping'
News Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats
By Ross Kelly
-
Capita's handling of cyber attack shows companies still fail at breach reporting
Analysis Capita initially told customers there was “no evidence” of data having been compromised in the March cyber attack
By Ross Kelly
-
Malware being pushed to businesses by search engines remains a pervasive threat
News High-profile malvertising campaigns in recent months have surged
By Ross Kelly
-
There's only one way to avoid credential stuffing attacks
Opinion PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility?
By Davey Winder
-
Five things to consider before choosing an MFA solution
In-depth Because we all should move on from using “password” as a password
By Rene Millman
-
Cyber security suffers from a communication problem
News Negative language around ‘human failures’ is eroding trust between security teams and broader business functions - it has to stop
By Ross Kelly
-
Does LastPass really deserve a last chance?
Opinion After several disastrous security incidents and a communications breakdown, it’s time to leave LastPass for pastures new
By Ross Kelly
-
What is the spell-jacking vulnerability and how can your business avoid exposing data?
In-depth Spell-jacking vulnerabilities are threatening to unwittingly leak data to third parties, undermining any drive to protect privacy
By Davey Winder