SOUTH African organisations were facing escalating threats due to a lack of risk awareness amongst employees, according to a new pan-EMEA study from Iron Mountain Incorporated.
The data came as leadership teams worldwide focused on “future of work” strategic planning; the insights generated by this survey was said to help operations build long-term resilience in a hybrid working world.
According to the study, nearly half of employees, 47 percent, claimed to have made a “critical” error at work and 13 percent had taken a risk which cost their organisation money.
Despite 9 out of 10, or 89 percent, of employees believing risk management was vital to protecting sensitive information, nearly half (46 percent) still considered it worth taking risks at work, with men more so than women at 51 percent vs 42 percent).
Iron Mountain South Africa managing director Takalane Khashane said we all made mistakes, so risk by definition was an ever-present factor in business.
“But today’s increasingly digital age is seeing increasing risks, which means risk management must constantly evolve. With new business models, hybrid working and the growing threat of cyberattack, it’s now more important than ever to manage employees and internal risks effectively in order to build resilience by design,” Khashane said.
Some 4 out of 10, or 42 percent, of respondents said they had fallen victim to scams or phishing. Despite this, however, Iron Mountain’s research showed that employees were continuing to take security risks as 47 percent used the same password across multiple platforms, 39 percent forgot to lock their laptop when leaving their desk and 23 percent kept their password on a note on their desk.
Importantly, the risks were magnified by hybrid working, particularly when more than a third (37 percent) of employees admitted to being less security conscious at home than at the office.
At a time when the average cost of a data breach had reached $4.24 million (R66m), these trends underlined the importance of effective workplace training, so that every employee rethinks their role in managing risk.
However, the findings were said to also raise questions about the impact of current awareness efforts. Whilst 66 percent of data managers surveyed said that risk training sessions were attended by 50-100 percent of employees, more than a third (36 percent) of workers said they had never received such training.
“An element of risk-taking can enable a business to innovate, but lack of awareness about potential everyday dangers can hinder long-term resilience,” Khashane said.
“We advise empowering every employee to become a risk ambassador by embedding risk awareness within your culture.”
BUSINESS REPORT ONLINE