Is Human Activated Risk a Real Concern?

A study says so, with more than half of respondents indicating their non-technical staff are either just somewhat or not at all prepared for a security attack.
by Egress
Published on 6th Apr 2022

First off, what is human activated risk? Human activated risk is introduced by human behaviors or actions, through coercion by bad actors, human error or malicious intent. The interaction between people and technology is rarely perfect. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it. Whether through carelessness, malicious intent, or being tricked by a third party, humans can knowingly and unknowingly create massive amounts of risk that security teams need to manage. 

We surveyed 600 IT security leaders across a broad range of industries to gauge their understanding of Human Activated Risk and, in turn, their organizations' security posture in this enhanced threat environment. More than half of respondents (56%) feel their non-technical staff are either just somewhat prepared, or not at all prepared for a security attack.

Many organizations seem to be taking the approach of bringing more software in to address problems beyond their control and hoping it gets better, with more than 39% of organizations having 6 or more security solutions deployed. Additionally, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, creating more risk to dispersed, virtual organizations. 

Other significant research findings include: 

  • 30% of IT leaders polled either don't have or don't know if their organization has a solution to detect accidental data loss from misdirected emails. 
  • 60% of the survey respondents feel the active security they have in place still presents them with a challenge. 
  • Almost 30% of those polled (approximately 180 IT leaders) don't understand what human activated risk is.

The top attacks by rank are: 

  1. Accidental data loss via human error
  2. Employee spear phishing 
  3. Business email compromise 

The takeaway is that human activated risk can be both innocent and malicious: the result of not paying attention to an action before completing it, or of deliberately using information with malicious intent. In today’s fragile, global world, organizations truly need to prioritize defending against human activated risk. While cybersecurity teams need to continue to reinforce education, they also have to make sure the technology they bring into an organization is relevant and will help reduce risk.

Read more about Egress’ take on Human Activated Risk.

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress is private equity backed with offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto.