Nearly a third (29 per cent) of businesses have lost a client or customer as a result of sending an email to the wrong person, reveals new data contained in the latest edition of Tessian’s Psychology of Human Error report.
The latest report, which comes 18 months after Tessian’s 2020 edition, revealed that two in five respondents (40 per cent) have sent work emails to the wrong person, and 39% of employees have sent an email with the wrong attachment in the last 12 months.
While the percentage of employees who have sent emails to the wrong person has dropped since July 2020 (by 8 per cent), the report found that the consequences of making mistakes that compromise cybersecurity have become more severe.
The percentage of people who said their business lost a customer or client due to them sending an email to the wrong person went up from 20 per cent in 2020 to 29 per cent in 2021. In addition, 21 per cent of employees said they lost their job after making the error - up from 12 per cent reported in 2020.
As well as reporting the accidental data loss to their customers - something 35 per cent of respondents said they did - businesses also had to report the incidents to regulators. In fact, the number of breaches reported to the ICO that were caused by data being emailed to the wrong person was 32% higher in the first nine months of 2021 than in the same period in 2020.
With harsher consequences in place, Tessian’s report reveals fewer employees are reporting their mistakes to IT. One in five (21%) didn’t report security incidents, versus 16% in 2020, resulting in security teams having less visibility of threats in their organisation.
According to Josh Yavor, Chief Information Security Officer at Tessian, businesses need to encourage employees to admit to mistakes, free of shame. He said:
“Rewards are far more effective than punishment. If employees feel uncomfortable in reporting security mistakes, security teams will never have full visibility into these threats. So rather than scaring employees into compliance, encourage employees to engage with security by creating positive security experiences so that you can cement a partnership mindset between security teams and staff. Those positive incentives will help combat security nihilism and build strong security cultures.”
When asked why emails were sent to the wrong person, 50 per cent of employees said they were under pressure to send the email quickly – up from 34 per cent in 2020. Nearly half of respondents (49 per cent) said it was because they weren’t paying attention, versus 36 per cent in 2020, while 47 per cent said they were distracted - up from 41% in 2020.
Academics who contributed to the report suggest these increases in mistakes caused by stress and distraction could be linked to changes to working environments over the past 18 months.
Jeff Hancock, Harry and Norman Chandler Professor of Communication at Stanford University, explained:
“With the shift to hybrid work, people are contending with more distractions, frequent changes to working environments, and the very real issue of Zoom fatigue - something they didn’t face two years ago. You also have to consider the impact that the Great Resignation is having on people’s workloads. When stressed, distracted and tired, people’s cognitive loads become overwhelmed and that’s when mistakes happen. Businesses, therefore, need to understand how factors like stress affect people’s cybersecurity behaviours and take steps to support employees so that they can work productively and securely.”