60% of Australian employees bypass cybersecurity policies for convenience: Survey
A new survey from CyberArk has uncovered a concerning trend among Australian workers: 60% of employees admit to bypassing workplace cybersecurity policies for convenience, a practice that could expose organisations to greater security risks. The findings, highlighted in CyberArk’s 2024 Employee Risk Survey, underscore the ongoing challenges businesses face as they adapt to the modern hybrid work environment.
While Australian workers show slightly more compliance than their global counterparts, many still engage in behaviours that significantly compromise security. One of the most alarming findings is that 33% of respondents reported using the same login credentials for both personal and workplace accounts. This practice increases the likelihood of cyberattacks and breaches, as a compromise in one account could easily lead to a larger security incident across multiple platforms.
Another troubling issue highlighted by the survey is employees’ reluctance to update their systems promptly. A significant portion of workers fail to install security patches on their personal or Bring Your Own Device (BYOD) systems in a timely manner. These delays in patching vulnerabilities leave businesses exposed, particularly as remote and hybrid work arrangements become more common. CyberArk’s recent report, “White FAANG: Devouring Your Personal Data,” reveals how personal online activity can be used by attackers to target organisations, emphasising the need to address identity security vulnerabilities within workplace systems.
In addition, the survey reveals that the rapid adoption of cloud technologies has intensified the need for stronger security measures. Thomas Fikentscher, CyberArk's area vice president for Australia and New Zealand, noted, “Multi-factor authentication does not offer sufficient protection against fraudulent activity, and organisations should be taking active steps to rethink their workforce identity security.” As more companies turn to cloud platforms, the integration of effective security measures is crucial to safeguard both employee and organisational data.
The survey also highlights a concerning trend in employees’ use of personal devices to access workplace systems. Approximately 80% of workers use their own devices for work, many of which lack robust security features. Furthermore, non-IT employees often have elevated access privileges, with 40% of respondents downloading sensitive customer data and 33% authorised to make large financial approvals. These practices could put critical data and financial resources at risk, creating significant security vulnerabilities.
Password management continues to be another key area of concern. Nearly half of Australian workers reuse credentials across multiple work systems, and 41% admit to sharing confidential workplace data externally. These practices expose businesses to increased risks, especially when sensitive information is shared without proper security protocols.
The rise of artificial intelligence (AI) tools in workplaces introduces yet another layer of complexity. According to the survey, 66% of employees use AI tools for work-related tasks, and some input sensitive data into systems not approved by their employers. Even more concerning, 24% of employees admitted to using AI tools that their organisations neither monitor nor manage, further heightening the risk of data breaches and cyberattacks.
Matt Cohen, CEO of CyberArk, called for a fundamental shift in how organisations approach security. He stated, “These findings show that high-risk access is scattered throughout every job role, and poor security behaviours are widespread. It’s clear that organisations must rethink their approach to workforce identity security, securing every user with the right level of privilege controls to mitigate risks.”
As hybrid work continues to evolve, businesses must address these cybersecurity challenges by reinforcing policies and investing in stronger security infrastructure to protect both employees and critical organisational data.