CyberArk, a leader in identity security, has unveiled findings from its 2024 Employee Risk Survey, examining risky employee behaviors and their impact on organizational security. Covering over 14,000 employees across six countries, the report emphasizes the urgency of shifting from basic access management to dynamic privilege controls, especially in the era of hybrid work and AI adoption.
Key Findings from the CyberArk 2024 Survey
1. Widespread Access to Sensitive Information
- Access on Personal Devices:
- 80% of employees access workplace applications containing critical data from personal devices that lack proper security controls.
- Expanded Privileged Access:
- 40% of employees routinely download customer data.
- A third can alter critical data.
- Over 30% have the ability to approve large financial transactions.
2. Risky Password Practices
- Password Reuse:
- 49% reuse credentials across multiple work applications, and 36% use the same credentials for personal and work accounts.
- Sharing Sensitive Information:
- Over half (52%) have shared confidential workplace data with external parties.
3. Cybersecurity Policy Violations
- Policy Bypasses:
- 65% of employees admit to bypassing cybersecurity policies for convenience, such as using personal devices for work or forwarding corporate emails to personal accounts.
4. Security Risks with AI Tools
- AI Usage:
- 72% of employees use AI tools at work, often without adhering to data-handling guidelines.
- 38% report inconsistent compliance with sensitive data guidelines when using AI.
New Research: Risks from Online Histories
CyberArk Labs’ “White FAANG: Devouring Your Personal Data” highlights how individual browsing histories—stolen from platforms like Apple or Meta—can be leveraged as attack vectors against employers. This underscores the dual risk to personal and organizational security.
Call to Action: Enhancing Identity Security
The findings highlight the need for organizations to adopt robust identity security measures, including dynamic privilege controls, to mitigate risks associated with:
- Casual and privileged access across roles.
- Poor password practices and policy violations.
- Risks introduced by AI adoption and personal browsing histories.
Matt Cohen, CyberArk CEO, stresses the importance of securing every user with appropriate privilege controls, noting that modern workforce security demands more than basic access management.
Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. Public relations, investor relations, public policy and marketing professionals rely on Business Wire for secure and accurate distribution of market-moving news and multimedia. Founded in 1961, Business Wire is a trusted source for news organizations, journalists, investment professionals and regulatory authorities, delivering news directly into editorial systems and leading online news sources via its multi-patented NX network. Business Wire’s global newsrooms are available to meet the needs of communications professionals and news media worldwide.
