Human error poses big cyber risks for small businesses

April 30, 2024

TLDR:

Human factors, such as lack of awareness, training, and policy adherence, pose significant cyber risks for smaller businesses. Despite this, only 3 out of 10 leaders believe their company faces a high cybersecurity risk. Phishing attacks, cloud vulnerabilities, and data loss from ransomware are top threats. Younger workers are more likely to break policies, with Gen Z professionals twice as likely to write down passwords. IT leaders stress the importance of password management, with 73% using a password manager at work. Organizations have increased attention and budgets for cybersecurity.

Key Points:

  • Human factors pose significant cyber risks for smaller businesses
  • Only 3 out of 10 leaders believe their company faces a high cybersecurity risk
  • Phishing attacks, cloud vulnerabilities, and data loss from ransomware are top threats
  • Younger employees, particularly Gen Z, are more likely to break security policies
  • Password management is crucial, with 73% of IT leaders using a password manager at work
  • Organizations have increased attention and budgets for cybersecurity

A survey by LastPass and InnovateMR reveals that cyberattacks targeting smaller businesses have increased, with phishing attacks, cloud vulnerabilities, and data loss from ransomware identified as the top threats for the next year. Despite this, only 30% of leaders believe their company faces a high cybersecurity risk. There is a disconnect between IT and non-IT leaders on employee awareness and policy adherence, with around 20% of business leaders admitting to circumventing security policies. Password management is highlighted as critical, with 73% of IT leaders emphasizing its importance and nearly half reporting recent breaches due to compromised passwords.

Younger employees are more likely to break security policies, with Gen Z professionals being twice as likely to physically write down passwords. Despite this, 90% of IT leaders and 80% of non-IT leaders report increased attention to cybersecurity in the past year, with 82% increasing budgets. It is clear that there is a need for better education and policy enforcement around password management and cybersecurity practices to address vulnerabilities in smaller businesses.
