All workplaces share the same security threat: the well-meaning but careless employee who may be more focused on productivity than on protecting the company’s sensitive or confidential information. Often, without thinking of the potential consequences, such employees leave confidential documents in plain view, share passwords, circumvent security procedures, are duped by phishing scams and transfer sensitive data to the public cloud without company approval.
The Unintentional Insider Risk in United States and German Organizations was conducted by Ponemon Institute and sponsored by Raytheon|Websense. We surveyed 1,071 IT and IT security practitioners in the United States and Germany who understand and are familiar with the security risks created by negligent or careless employees and other insiders in their organizations. Organizations in both countries strive to have a strong security posture. Germany is often on the cutting edge of deploying security technologies and is a strict enforcer of security policies in the workplace.
With this in mind, we wanted to determine if cultural differences in the workplace would impact how German and U.S. IT security practitioners manage this risk. We also thought it would be interesting to study the characteristics of the negligent insider and if they differ between these two countries.
...both German and U.S. IT practitioners agree unintentional employee negligence not only severely diminishes the productivity of the IT function, it also causes more security incidents than intentional and malicious acts.
We also determined that it can cost a U.S. company as much as $1.5 million and a German company €1.6 million in time wasted responding to security incidents caused by human error. Moreover, if a data breach should happen because of negligence, the average cost per record is $198 in the U.S. and €145 in Germany.