In the last two years, cybercriminals have capitalized on new opportunities1:
- Loosened security with work-from-home devices
- Severe software vulnerabilities like Log4j2, that were slow to patch
- Cyber war spawned by Russia's invasion of Ukraine and organized nation-state crime rings
These threats are driving more costly, higher-impact data breaches and cyber incidents than ever before, and employees often can be at the center of these breaches and incidents. According to IBM, Ponemon Institute and the FTC:
- The average cost of a data breach is now $4.5 million (compared to $3.5 million last year). It's higher in critical industries, such as utilities and telecommunications, transportation, finance, healthcare and government). It's more than $1 million more costly when remote work is a factor.2
- In the past 12 months, 45% of U.S. companies suffered a successful cyber attack.3
- The median cost for an impacted individual was $3,603 per incident5, according to a recent Harris Poll.
- An employee falling for phishing lures causes 37% of attacks. Phishing is now the costliest cause.1
Given such costly impacts, organizations are proactively finding ways to defend against increased threats, with broader protection of devices and networks to prevent breaches and other costly cybercrime. Yet, an employee's remote workplace and personal devices often remain unprotected, creating a weak link in their IT security posture.
Are security concerns about employees' devices changing?
How much of a security risk are employees' personal devices and digital habits to a business? Employees don't have the same controls on their devices at home as they do in their corporate environment, yet 66% of US employees use personal devices for work.5
Further, executives are 50 times more likely to be a high-valued target because they have the most corporate information and access. Attacks often target personal email accounts and phones, which are less protected. Online personal information helps make impersonation attacks on employees and executives more convincing.
Overall, findings concur that, for most employers, cybersecurity protections are a must-have for their employees and for their families. A current barrier for enhancing their security measures is the cost of protecting all their devices and lack of knowledge.