More than 60% of Australian employees admit to bypassing their employer’s cybersecurity policies for convenience, according to identity security vendor CyberArk. Many also access workplace applications with non-secure personal devices.
The CyberArk 2024 Employee Risk Survey, which polled 14,003 workers across the U.S., U.K., France, Germany, Australia, and Singapore in October 2024, revealed that Australian employees generally comply more with cybersecurity policies than other countries.
However, most are still bypassing cyber policies to make their lives easier. CyberArk found common workarounds among Australian employees, including using one password across multiple accounts, using personal devices as WiFi hotspots, and forwarding corporate emails to personal accounts.
In the report, CyberArk’s CEO Matt Cohen said the overall findings show that “high-risk access is scattered throughout every job role,” potentially putting sensitive organizational data at greater risk.
The CyberArk report found that most Australian employees (80%) access workplace applications — often containing business-critical data — from personal devices that often lack adequate security controls. This rate of personal device usage is significantly higher than the global average of 60%.
Marketing departments were found to be the most likely (94%) to use personal devices to access work applications, followed by IT teams (93%). Concerningly, more than half (52%) of entry-level employees already had access to critical data with the workplace tools they used.
Australian employees were found to be among the slowest globally to install firmware updates or security patches on their personal or BYOD devices upon release by vendors.
Globally, over a third (36%) of employees surveyed said they do not immediately install security patches or software updates for all their personal devices. In addition, 26% disagreed they always use a VPN when they access work resources, increasing the risk of cyberattacks.
