Professors find human cybersecurity firewall is failing in businesses across the country

Second Annual Employee Threat Readiness Survey finds employees and their companies are vulnerable due to a lack of awareness and training

A survey of 800 workers across the country has found that despite two years of media attention surrounding the hacking of government and private organizations, U.S. companies and their employees are not adequately addressing cybersecurity vulnerabilities.

The data was released today by UMass Dartmouth Associate Professor Tim Shea (Decision & Information Sciences) and Professor Steven White (Management & Marketing), creators of the Annual Employee Threat Readiness Survey. The goal of the survey is to gauge how well companies are managing the cybersecurity risk that their employees' online behavior creates. The survey focuses on employee awareness, training, and competence in managing daily cybersecurity risks.

“The ‘Human Firewall’, the everyday employees of a company, represent over half of the multi-trillion-dollar problem with cybersecurity in our companies,” Shea said. “Far too many employees do not understand that and are not getting the training they need to combat it.”

In the digital age, where a single click by a single person can compromise an entire organization’s system, key findings of the survey include:

  • 75% of respondents said their employer considers cybersecurity important, leaving 25% vulnerable to an attack that could compromise an entire system.
  • 70% of employees agree their company provides easy access to support for any cyber-safety questions they have, meaning 30% disagree.
  • 70% also agree there is a clearly defined process for reporting suspected security breaches; again, 30% of the employees do not agree.

“The results are clear: we humans are the weakest link in the cybersecurity chain,” White said. “Email and social phishing work. Each employee plays an important role in the cybersecurity of his or her employer. As hacking attempts become more sophisticated, so too should the training provided to employees. Any other course of action is irresponsible.”

The data from the Annual Employee Threat Readiness Survey confirms that while companies are working to reduce employee-related cybersecurity risk, more awareness and training are needed.

Charlton College of Business, News and Public Information