Over 60% of Australian employees admit they bypass their employer’s cybersecurity policies for convenience, according to CyberArk. Many use their personal devices to access workplace applications without adequate security.
In CyberArk’s 2024 Employee Risk Survey, which surveyed 14,003 workers from various countries, Australian employees showed slightly better compliance with cybersecurity measures than in other regions. Still, the tendency to cut corners remains strong. Common workarounds include reusing passwords across accounts, using personal devices as WiFi hotspots, and forwarding corporate emails to personal accounts.
Matt Cohen, CyberArk’s CEO, pointed out that risky access exists across all job roles, which heightens the risk to sensitive organizational data. The report revealed that 80% of Australian employees use their personal devices to access workplace applications that often contain critical business data. This figure is much higher than the global average of 60%. Marketing departments topped the list, with 94% of employees using personal devices, closely followed by IT teams at 93%. Alarmingly, over half of entry-level workers already have access to sensitive information.
Australian employees also rank among the slowest globally to install security updates on their devices. While 36% of people worldwide do not update their devices promptly, 26% of Australians admitted they don’t always use a VPN when accessing work resources, increasing their vulnerability to cyberattacks.
The report highlights widespread privileged access, allowing employees to perform actions that could be exploited by attackers. Globally, 40% of respondents habitually download customer data, 33% can alter sensitive data, and 30% can authorize large financial transactions.
Password reuse is another issue. In Australia, 33% of employees use the same credentials for personal and work applications. Globally, 41% have shared confidential workplace information with outsiders, raising the stakes for potential security breaches.
CyberArk also noticed a global trend of prioritizing productivity over cybersecurity, with 20% of employees using personal devices as Wi-Fi hotspots, 18% avoiding updates due to time constraints, and 17% forwarding corporate emails to personal accounts.
As for AI tools, over 66% of Australian employees use them. However, nearly 25% admitted to using unmanaged AI tools, which raises questions about data security. Furthermore, 33% reported they either only sometimes or never adhere to guidelines when handling sensitive data with AI.
With the shift towards cloud workflows, experts like Thomas Fikentscher from CyberArk warn that post-authentication breaches are likely to increase. Organizations should not rely solely on multi-factor authentication for security and need to adopt solutions that empower rather than hinder employees. As AI usage rises, security teams must adapt their strategies to include AI considerations in their future security controls.
