Study Shows Majority of Workforce Lacks Privacy and Security Awareness

by | Oct 11, 2017

According to a recent study by MediaPro, a provider of privacy and security awareness training, best practices for privacy and security are still not well understood by 70% of U.S. employees.

For the study, MediaPro questioned 1,012 U.S. workers and posed them a range of questions to determine their understanding of privacy and security, whether they adhered to industry best practices, and to find out what sorts of risky behaviors they engage in. 19.7% of respondents came from the healthcare sector – the best represented industry in the study.

Respondents were scored on their overall privacy and security awareness scores, being sorted into categories as a hero, novice, or a risk to their group. 70% of respondents were categorized as a novice or danger. In 2016 when the study was conducted, 88% of U.S. workers were rated as a novice or risk.

In 2016, only 12% of respondents ranked as a hero. This year the percentage grew to 30% – a good sign that some employees have responded to training and are taking more care at work. Alarmingly, while the percentage of novices dropped from 72% last year to 51% in 2017, the number of workers classed as a risk increased from 16% in 2016 to 19% this year.

Tom Pendergast, chief strategist for security, privacy, and compliance at MediaPro explained that in the risk category, there are two areas that have been constantly poor over the past two years: Physical security and safe remote working/mobile computing. In the mobile computing category, one of the biggest dangers was connecting to insecure Wi-Fi networks. The percentage of respondents that admitted doing this grew from 45% last year to 62.3% this year – overall, 19% of respondents said they use risky practices when working remotely.

The overall scores across six of the eight categories being tested improved year over year, with notable improvements in locating malware and phishing threats, reporting incidents, working from remote locations, identifying personal information and cloud computing.

The two areas where there was drop were physical security, like allowing individuals into a facility without checking identification, and social media security, like as posting personal and sensitive company information on social media accounts.

Perhaps the biggest danger faced by groups today is phishing. Phishing emails are the main method of delivering malware and ransomware and stealing sensitive information such as login credentials.

Respondents were asked about their phishing awareness and were shown four emails, which they were asked to score as legitimate or phishy. 8% of respondents were unable to recognize the phishing emails properly. Out of the phishing emails tested, the email offering a stock tip from a well-known investor tricked the most respondents. 92% of respondents were able to recognize a phishing email with a potentially dangerous attachment, up from 75% last year.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy