Just 3% of employees cause 92% of malware events

Staff putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders

A small group of employees is typically responsible for most of the digital risk in an organization, according to research released today.

The report, from cybersecurity company Elevate Security and cybersecurity research organization Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

A small handful of users is also responsible for browsing risky websites. 12% of users tried to visit sites that violate their organization's browsing policy at least 750 times each in a year, causing security systems to block the session. These users accounted for 71% of all browsing violations.

Illicit browsers aren't always the same people responsible for phishing emails and malware. The report found 9% of users exhibiting high risk in only one category, and only 0.052% of users falling into the high-risk category for all three activities.

Companies can mitigate human error by including technical controls to block malicious emails, but performance here is mixed. Almost one in five departments (17%) blocked no malware.

Departments were either very good or very bad at blocking phishing emails. More than half of departments block 95% of these emails, while one in ten block almost none. Those that receive the most phishing emails per year are more likely to block them.

The report found that block rates for both phishing emails and malware are not uniform within organizations. Individual departments have varying success rates at stopping digital toxins.

"Simply making controls available or even requiring them isn’t enough," the report said. "Organizations have to be willing to also measure whether those controls are doing what they are supposed to be doing."
