According to a new report, 43% of employees have made mistakes resulting in cybersecurity repercussions for themselves or their company.
The latest findings come from the Psychology of Human Error report from email security firm Tessian, which surveyed 1,000 workers in the UK and 1,000 workers in the US at the height of the coronavirus outbreak in April.
The report delved into how stress, distraction and workplace disruption can cause people to make more mistakes at work.
It found that 20% of companies have lost customers as a result of mistakenly sending an email to the wrong person, which 58% of employees have admitted to doing. A further 10% said they had lost their job after sending an email to the wrong person.
In addition, 25% of respondents admitted to clicking on a link in a phishing email at work. Tech industry workers were the most likely to click on links in phishing emails, with 47% admitting they had done so.
“Being distracted” was the number one reason for making these mistakes, with 47% citing distraction as the top reason for falling for a phishing scam, and 41% citing it the reason they had sent an email to the wrong person.
With 57% of workers admitting they’re more distracted when working from home, the report suggests the “sudden shift to remote-working this year could open employees and businesses up to even more risks caused by human error”.
Other reasons for people clicking on phishing emails included the perceived legitimacy of the email (43%) and the fact they appeared to have come from a senior executive (41%) or a well-known brand (41%).
Fatigue was another factor, with 44% of employees sending an email to the wrong person because they were tired.
The report “urges businesses to understand the impact stress and working cultures have on human error and cybersecurity”, after 52% said they made more mistakes when they were stressed, and 43% said they made them when they were fatigues.
Jeff Hancock, a professor at Stanford University and expert in social dynamics, said: “Understanding how stress impacts behaviour is critical to improving cybersecurity. This year, people have had to deal with incredibly stressful situations and a lot of change.
“And when people are stressed, they tend to make mistakes or decisions they later regret. Sadly, hackers prey on this vulnerability. Businesses, therefore, need to educate employees on the ways a hacker might take advantage of their stress during these times, as well as the security incidents that can be caused by human error.”