In a landscape where hybrid work is becoming the norm, a new survey by CyberArk revealed that 65% of employees bypass organisational cybersecurity policies, highlighting growing challenges in maintaining data security across flexible workplaces. The CyberArk 2024 Employee Risk Survey: Harmful Employee Behaviors study, conducted by Censuswide on behalf of CyberArk, surveyed over 14,000 employees who use computers for work in the UK, the US, France, Germany, Australia, and Singapore. The data, collected between October 17 and 25, 2024, identifies several behaviours that increase organisational risk, including the use of personal devices and poor password practices.
According to the survey, common violations by employees include using personal devices as Wi-Fi hotspots and forwarding corporate emails to personal accounts. These actions create vulnerabilities and undermine established security protocols.
“For far too long, the standard approach to workforce access security has been centred around basic controls like authentication via single sign-on,” said CyberArk’s CEO Matt Cohen. “This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account.”
Cohen stated that the findings revealed high-risk access is widespread across all job roles, with bad behaviours prevalent, leading to serious security issues for organisations. He emphasised the urgent need to rethink workforce identity security by ensuring every user is secured with the appropriate level of privilege controls.
Employee behaviour and security risks in the workplace
The report reveals that 80% of employees access workplace applications from personal devices, which often lack enterprise-grade security measures. Privileged access is no longer limited to IT administrators, as 40% of respondents admitted to downloading customer data, 33% can modify critical or sensitive information, and 31% can approve significant financial transactions.
In addition, the growing reliance on artificial intelligence (AI) tools introduces unique challenges. According to the survey, 72% of employees use AI tools for work-related tasks, and 38% acknowledged they rarely or never follow security guidelines when handling sensitive information within these tools. This lack of adherence could lead to the unintended exposure of business-critical data.
Poor password hygiene remains a prevalent issue, with 49% of employees reusing passwords across multiple work-related applications. A further 36% admitted to using the same credentials for personal and professional accounts, increasing the risk of unauthorised access. Additionally, 52% of respondents stated they have shared confidential workplace information with external parties, compounding the risks of data breaches.
Complementary research from CyberArk Labs, titled White FAANG: Devouring Your Personal Data, highlights the risks posed by employees’ online browsing data. The report explains how attackers can exploit detailed internet usage data collected by major technology companies, such as Apple and Meta, to target employees as entry points into corporate systems.
CyberArk recommends implementing robust identity security programmes, including dynamic privilege controls at every user access point, to mitigate these risks. The company also emphasises the importance of fostering employee awareness around secure practices to minimise policy violations and protect sensitive data.
Read more: Majority of APAC employees prefer hybrid work, citing productivity gains
