Distraction, stress and convincing fakes are why staff fall for phishing, study suggests

Distraction, stress and fatigue are big reasons why employees make bad cybersecurity decisions, according to a vendor-sponsored report released this morning.

Fifty-two per cent of the 2,000 respondents in the U.S. and the United Kingdom said that, in general, they make more mistakes when they are stressed. Respondents also said they make more mistakes when tired (43 per cent), distracted (41 per cent), working quickly (36 per cent) or burned out (26 per cent).

A quarter of the respondents said that at some point during their career they’ve clicked on a link in a phishing email at work.

Of those, nearly half of respondents (45 per cent) cited distraction as the top reason for falling for a phishing scam. Other reasons were the email looked legitimate (43 per cent), it was supposedly from a senior executive (41 per cent), it was supposedly from a respected brand (41 per cent), followed by “I was tired,” and “I wasn’t paying attention.”

The study, called the Psychology of Human Error, was sponsored by email security vendor Tessian Ltd.

Among other things, it suggests the increasing number of people working from home because of the COVID-19 pandemic may lead to more cyber incidents. Just over half (57 per cent) of respondents agreed they feel more distracted when they work from home.

“Understanding how stress impacts behaviour is critical to improving cybersecurity,” wrote Jeff Hancock, a Stanford University professor of communications and an author of the report. “In 2020, people have experienced extremely stressful situations that have affected their health and finances, against a backdrop of political uncertainty and social unrest, while simultaneously juggling the demands of their jobs. It’s been overwhelming.

“The problem is that when people are stressed and distracted, they tend to make mistakes or decisions they later regret. And sadly, hackers prey on this vulnerability. Businesses need to educate employees on how hackers might take advantage of their stress and explain the scams people could be susceptible to.”

Graphic from Tessian report

The report also found some gender and demographic differences among respondents. Men who were questioned were twice as likely as women to fall for phishing scams, with 34 per cent of male respondents saying they have clicked on a link in a phishing email versus just 17 per cent of women. “While researchers do not fully understand why gender difference is a factor in phishing attacks, it is known that men – on average – are more likely to take risks than women. This could explain why men are more likely to click on links in phishing emails,” the report says.

Younger workers were five times more likely to admit to errors that compromised their company’s cybersecurity than older generations, with half of 18- to 30-year-olds saying they’ve made such mistakes versus just 10 per cent of workers over 51.

“Cybersecurity training needs to reflect the fact that different generations have grown up with technology in different ways,” said Tim Sadler, CEO and co-founder of Tessian. “It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100 per cent of the time. To prevent simple mistakes from turning into serious security incidents, businesses must prioritize cybersecurity at the human layer. This requires understanding individual employees’ behaviours and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate.”

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
