It’s a horror story that many organizations are familiar with—an employee clicks a link or visits a website, and chaos ensues. At best, it’s just a minor disruption. At worst, business continuity is broken, and an organization’s critical infrastructure is at risk. Regardless of the outcome, managing human risk is a major part of business today.
We know that most users are not risky, but there is a tiny percentage of your workers that carry a high risk. For instance, 76% of users have never clicked a phishing link in an email in contrast to the 4% of users that are responsible for 80% of phishing incidents. Along those same lines, 93% of users have never had a malware incident, while 3% are responsible for 92% of all malware events.
So, while most users aren’t inherently risky, a tiny percentage of users can be considered “high risk.” High-risk users are the top quartile of users in an organization who have had at least one instance of risky behavior or event. These risky users are responsible for:
- 41% of all simulated phishing clicks
- 30% of all real-world phishing clicks
- 54% of all secure-browsing incidents
- 42% of all malware events
So where do risky users hide in organizations? The answer to this question seems to be “everywhere.” However, it’s a little more nuanced than that.
Get the Report: High Risk Users and Where to Find them
Take a look at the newest research report by Cyentia Institute, backed by data from our very own Elevate Security team, High Risk Users and Where to Find Them. This report analyzes nearly eight years’ worth of data—from June 2014 to July 2022, and dives into:
- What makes workers high risk
- What are their riskiest behaviors
- Where those high-risk users spend their time
- What that might mean for your organization’s security
- Identifying the high-risk users in your organization is the first step to minimizing your workforce risk. Elevate Security provides powerful visibility, enabling security teams to identify issues, orchestrate action, and remediate workforce risk before the next incident strikes. Book a demo to see our platform in action.