Skip to content

11 July, 2025

  • Saved Articles
  • My Account
  • Subscribe
  • Log In
  • Log Out

Board Agenda

  • Governance
  • Strategy
  • Risk
  • Ethics
  • News
  • Insight
    • Categories

      • View all
      • Governance
      • Strategy
      • Risk
      • Ethics
      • Board Expertise
      • finance
      • Technology
    • EU sustainability

      Omnibus package must not undermine EU sustainability

      Now is the time for Europe to speed up green transition, rather than slow it...

    • high pay

      Pay gap transparency needs to be better

      It’s not unknown for a CEO to earn 500 times as much the median employee,...

    • executive pay

      Executive pay trends in 2025

      Opposition to remuneration reports has grown sharply, according to Georgeson’s analysis of voting outcomes in...

  • Comment
      • View all
    • EU sustainability

      Omnibus package must not undermine EU sustainability

      Now is the time for Europe to speed up green transition, rather than slow it...

    • high pay Pay gap transparency needs to be better

      It’s not unknown for a CEO to earn 500 times as much the median employee,...

    • future-proof governance levers How to future-proof your business

      For boards to bolster resilience and create value in a polycrisis, a combination of hard...

  • Interviews
      • View All Interviews
      • Podcasts
      • Webinars
    • UK Corporate Governance Code Board meetings ‘are not up to scratch’

      Nearly three-quarters of board members believe the board’s performance in meetings needs improvement, an expert...

    • financial sanctions Tariffs chaos drives boardroom focus on resilience

      Business leaders will prioritise the resilience of their organisations in the face of economic upheaval...

    • supply chain oversight Act now on supply chain oversight, boards warned

      Board directors need to critically engage with the business’s supply chain activity, a panel of...

  • Board Careers
  • Resource Centre
      • White Paper Downloads
      • Book Reviews
      • Board Advisory & Corporate Services
    • C-suite barometer: outlook 2025 – UK insights

      Forvis Mazars draws UK insights from its global study and looks at UK executives’ strategic...

    • Talent Management 2025 Mind Gym

      Talent Management in 2025

      From rethinking leadership to wrestling with AI, MindGym's report reveals the trends shaping talent strategies...

    • Korn Ferry CHRO 2025 (Copy)

      On The Highwire: Being a CHRO in 2025

      Korn Ferry surveyed 750 senior HR leaders (including 450 CHROs) to understand their key priorities...

  • Events
  • Search by topic
    • Governance
    • Strategy
    • Risk
    • Ethics
    • Regulation
    • ESG
    • Investor Relations
    • Careers
    • Board Expertise
    • finance
    • Technology

How to prevent your employees’ mistakes compromising cybersecurity

by Tim Sadler

An alarming 43% of employees have made mistakes with cybersecurity repercussions for themselves or their company. How can firms mitigate this risk?

employee data being stolen in cybersecurity attack

Image: Bloomicon/Shutterstock

Did you know that 43% of UK and US employees have made mistakes that have had in cybersecurity repercussions for themselves or their company? That’s according to Tessian’s latest report, The Psychology of Human Error, which reveals employees admit to accidentally clicking on links in phishing emails and sending information to the wrong person.

While these mistakes may seem trivial on the surface, phishing is the number one threat vector in use today and one in five companies told us they have lost customers as a result of an employee sending an email to the wrong person. So, far from red-faced embarrassment, these mistakes are compromising businesses’ cybersecurity.

Employees are more likely to make mistakes when they are stressed, tired or distracted

Our research shows, however, that we can’t simply blame people for their mistakes. There are a number of factors at play that increase the probability of people making mistakes at work—things like stress, distraction, fatigue and fast-paced working cultures. In fact, a significant number of respondents in our report said they are more likely to make mistakes when they are stressed (52%), tired (43%) or distracted (41%).

So what can leaders do to prevent their employees’ mistakes before they turn into serious security incidents?

Understand employee behaviours

First, reconsider how you deliver cybersecurity training. A one-size-fits-all approach to training won’t work; it needs to reflect the fact that different employees—particularly those of different age groups—use technology and detect and respond to threats in different ways. (We discuss this in more detail with a psychology expert from Stanford University in the report.)

By warning individuals in real time, you can help override impulsive decisions

Second, understand that it’s unrealistic for employees to act as your first line of defence. You cannot expect every employee to spot every scam or make the right cybersecurity decision 100% of the time, particularly when they’re dealing with stressful situations and working in environments filled with distractions.

Instead, learn how stress impacts people’s cybersecurity behaviours and tailor policies and procedures accordingly. Adopt security solutions that understand employee behaviours and alert people, in the moment, to any risks in front of them. By warning individuals in real time you can help override impulsive decisions and make people think twice before they do something they might regret.

To err is human

Third, normalise the reporting of mistakes and remove the shame. For older workers especially, self-presentation and respect are hugely important in the workplace. They may be reluctant to report mistakes because they feel ashamed due to preconceived notions about older generations and technology. In fact, nearly a quarter of over-51s said that, despite making an error, they didn’t report it to their IT team.

Create a security culture that encourages employees to report their mistakes

Data security incidents happen 38 times more often than IT leaders think. Without visibility, mistakes that compromise cybersecurity are happening without IT teams even knowing. Companies need to create a security culture that encourages employees to report their mistakes to IT, and provide clear channels for them to do this.

With remote working here to stay—plus the distractions it comes with—and with hackers continually finding ways to manipulate people into complying with their requests, business leaders must prioritise security at the human layer.

This requires understanding individual employees’ behaviours, learning how stress impacts decision-making and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate for each person. Only by understanding why people make mistakes can you start to prevent the incidents of human error before they turn into security breaches.

Tim Sadler is CEO and co-founder of cybersecurity firm Tessian.

  • Facebook
  • Twitter
  • Google+
  • LinkedIn
  • Mail

Related Posts

  • Experts urge vigilance on cybersecurity amid Russian invasion of Ukraine
    February 28, 2022
    Russian flag in code

    UK and US cybersecurity agencies are among the specialists recommending that companies "bolster their defences" against cyber attacks.

  • Home front: how digitalisation is moving cybersecurity boundaries
    October 20, 2021
    Man working remotely

    The pressure for digital transformation in the wake of Covid-19 is creating new cybersecurity challenges and responsibilities.

  • Technology, cyber risk and ESG top list of business leaders' concerns
    June 8, 2022
    Digital code on skycrapers

    Mazars survey reveals 82% of executives plan to increase investment in IT systems, while 75% plan to boost spending on sustainability.

  • Are you serious about cybersecurity?
    October 3, 2023
    cybersecurity chatbot

    Artificial intelligence chatbot hackers are just the latest in a long list of cyber threats, which are not going away any time soon.

Search


Follow Us

Register Free

Stay in the know! Register to access the latest governance news; plus receive updates about our events and podcasts – Sign up here

 

Most Popular

Featured Resources

wef global risks 2025

The Global Risks Report 2025

The 20th edition of the Global Risks Report reveals an increasingly fractured global...
Supply chain management cover

Strategic Oversight in Supply Chain Management: A Guide for Corporate Boards 2025

Supply chains have become complex, interdependent and opaque and—according to research...
OB-Cyber-Security

Cyber Security: What Boards Need to Know

Maintaining firewalls, protecting servers and filtering malicious emails rarely make...

The IA’S Principles Of Remuneration 2024 2025

This guidance from the Investment Association is aimed at assisting remuneration...
Diligent 2024 leadership tech cover

Leadership, decision-making & the role of technology: Business survey 2024

This research report by Board Agenda and Diligent sheds light on how board directors...

Director Reference Guide: Navigating Conflict in the Boardroom

The 'Director Reference Guide' on navigating conflict in the boardroom provides practical...
Nasdaq 2024 governance report cover

Nasdaq 2024 Global Governance Pulse

This Nasdaq survey gathered data from more than 870 board members, executives, and...

Becoming a non-executive director (4th edition)

Board composition is the subject of much debate, while the role of the non-executive...
art & science brainloop new cover

The Art & Science of Creating an Effective Board

Boards are coming under more scrutiny and pressure than ever before from regulators,...
SAA First time NED guide

First Time Guide for Non-Executive Directors

The role of the non-executive director has never been more vital: to advise, support,...

Register Free

Stay in the know! Register to access the latest governance news; plus receive updates about our events and podcasts. Register


  • Editors & Contributors
  • Editorial Advisory Board
  • Board Advisory & Corporate Services
  • Media Marketing Solutions
  • Contact Us
  • About Us
  • Board Director Network
  • Terms & Conditions
  • Privacy Policy
  • Cookies
|

Copyright © 2025 Questor Media Group Ltd.

  • Terms & Conditions
  • Privacy Policy
  • Sitemap