Securing the human: Employee security vulnerability risk in organizational settings

As organizational security breaches increase, so too does the need to fully understand the human factors that lead to these breaches and take the necessary steps to minimize threats. The present study evaluates how three sets of employee characteristics demographic, company-specific, and skills-based predict an employee's likelihood of becoming a security breach victim. In order to move beyond traditional evaluations of security threats, which generally consider security threats individually, analyses in this paper approach security vulnerability from a more holistic approach to analyze four risk categories concurrently: phishing, passwords, bring your own device BYOD, and company-supplied laptops. Findings from a survey of 250 employees at a medium-sized American information technology IT consulting firm identify higher-risk employees across the four risk areas and provide new insights into the challenges organizations face when trying to ensure the protection of company data.