Is Human Activated Risk a Real Concern?

A study says so, with more than half of respondents indicating their non-technical staff are either just somewhat or not at all prepared for a security attack.
Published on 6th Apr 2022

First off, what is human activated risk? Human activated risk is introduced by human behaviors or actions, through coercion by bad actors, human error or malicious intent. The interaction between people and technology is rarely perfect. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it. Whether through carelessness, malicious intent, or being tricked by a third party, humans can knowingly and unknowingly create massive amounts of risk that security teams need to manage. 

We surveyed 600 IT security leaders across a broad range of industries to gauge their understanding of Human Activated Risk and, in turn, their organizations' security posture in this enhanced threat environment. More than half of respondents (56%) feel their non-technical staff are either just somewhat prepared, or not at all prepared, for a security attack.

Many organizations seem to be bringing in more software to address problems beyond their control and hoping things get better: more than 39% of organizations have 6 or more security solutions deployed. Additionally, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, creating more risk for dispersed, virtual organizations.

Other significant research findings include: 

  • 30% of IT leaders polled either don't have or don't know if their organization has a solution to detect accidental data loss from misdirected emails. 
  • 60% of the survey respondents feel the active security they have in place still presents them with a challenge. 
  • Almost 30% of those polled (roughly 180 IT leaders) don't understand what human activated risk is.

The top attacks by rank are: 

  1. Accidental data loss via human error
  2. Employee spear phishing 
  3. Business email compromise 

The takeaway is that human activated risk can be both innocent and malicious: the result of not paying attention to an action before completing it, or of deliberately using information with malicious intent. In today’s fragile, global world, organizations truly need to prioritize defending against human activated risk. While cybersecurity teams need to continue to reinforce education, they also have to make sure the technology they bring into an organization is relevant and will help reduce risk.

Read more about Egress’ take on Human Activated Risk.

About Egress

Our mission is to eliminate the most complex cybersecurity challenge every organization faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behavior such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.