SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Despite cybersecurity training 85% of employees still reuse passwords - report
Wed, 11th Aug 2021

According to new research, nearly two-thirds of employees use personal passwords to protect corporate data and vice versa. And business leaders are finding this increasingly concerning.

The research, conducted by identity and access management company My1Login, found that 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.

My1Login surveyed 1,000 employees and 1,000 business leaders to compare employees' real-world experience, opinions, and outlook on security at work with the expectations and views of business leaders across various industries.

The company found that 85% of employees are still reusing passwords across business applications after receiving training, compared with 91% of employees who haven't received any cybersecurity training.

It would seem training is making a negligible difference to how employees are protecting corporate data. This highlights that corporate security is at risk of being compromised, even for the organisations that invest in training.

"Poor password habits make cyber criminals' lives far easier, offering a gateway into organisations and enabling them to conduct damaging, far-reaching cyber-attacks," says My1Login CEO, Mike Newman.

"From creating weak passwords to reusing them across applications, employees consistently struggle to maintain good password hygiene.

"Finding that cybersecurity training is not having the desired effect, despite significant investment from leaders into helping employees improve their security behaviour, is very concerning. Employees find the process of juggling a variety of passwords frustrating, and this negativity is translating into negligent password practices due to a lack of motivation."

Regarding industry-specific findings, employees in the healthcare sector are particularly prone to reusing passwords, with 94% saying they've done so. Employees in education and the public sector also reuse passwords, with 91% of respondents admitting having done so in education and 83% in the public sector.

The research found all three sectors to have the highest use of personal passwords for business applications, with 75% in education and 61% in healthcare and the public sector, considerably higher than employees in technology (45%).

"Instead of relying on training to change employees' behaviour around the protection of corporate data, business leaders need to take the responsibility out of the hands of employees as much as possible," says Newman.

"An authentication management solution which offers a passwordless single sign-on experience does just that, alleviating the burden placed on employees and elevating productivity and wellbeing, in addition to placing leaders back in control of their organisation's security."