A staggering 78% of employees in professional services admit to breaching cybersecurity protocols, exposing a critical vulnerability in an industry already under siege from escalating cyber threats.
The professional services sector faces an alarming disconnect in cybersecurity confidence between employees and those responsible for managing cyber risks. A recent report by e2e-assure sheds light on a critical issue: the sector’s overconfidence in its cyber defenses is leaving organizations vulnerable to evolving threats.
Professional Services, in particular, has emerged as the most targeted industry for cyberattacks, with 94% of cyber risk owners reporting that they had experienced an attack—an alarming rise from 77% just a year prior. Meanwhile, 88% of employees admitted to being victims of workplace cyber incidents.
Despite these stark realities, there is a troubling disparity in confidence levels. A staggering 92% of cyber risk owners in the sector believe their organizations are secure, compared to only 15% of employees who share this sentiment. Furthermore, 78% of employees have witnessed colleagues breach cybersecurity protocols, yet only 6% believe that cybersecurity is a collective responsibility.
Artificial intelligence (AI) is rapidly transforming the business landscape, but its adoption within Professional Services is fraught with risk. The report reveals that employees in this sector are the most frequent users of OpenAI tools, with 31% using them weekly and 26% monthly. However, this enthusiasm is coupled with a worrying lack of awareness—50% of employees admit they do not know their organization’s AI policies.
Cyber risk owners recognize the dangers, with 82% expressing concerns about AI’s potential to introduce vulnerabilities. Yet, 88% are confident in their existing AI policies. This overconfidence, combined with employees’ ignorance of these policies, creates blind spots in cybersecurity defenses. Unmonitored AI usage could lead to unauthorized access, data breaches, and compromised client information.
The report also highlights significant shortcomings in employee training. While 85% of cyber risk owners claim their workers are engaged in cybersecurity training, only 11% of employees describe themselves as “very engaged.” Even more concerning, 41% of employees stated they receive no training or disciplinary action after causing a cyber breach.
This lack of engagement is compounded by ineffective training methods. More than 70% of employees indicated they would be more likely to participate in cybersecurity training if it focused on personal security or real-life scenarios.
The disconnect between cyber risk owners and employees, however, extends beyond training and technology. Leaders within the sector appear overconfident in their defenses, with 92% stating they feel their organizations are secure. This confidence starkly contrasts with employees’ firsthand experiences of policy breaches and insufficient training.
The Professional Services sector is uniquely service-driven, with employees prioritizing client needs over security protocols. This client-centric mindset, while valuable, often leads to shortcuts and risky behavior, such as using unauthorized software to meet deadlines.
To address these challenges, the report offers actionable recommendations: