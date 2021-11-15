Risk management requires a rethink

Organisations throughout South Africa are facing escalating threats due to a lack of risk awareness amongst employees, according to a new pan-EMEA study from Iron Mountain.

According to the study, nearly half of employees (47%) claim to have made a “critical” error at work, and 13% have taken a risk which cost their organisation money.

Despite nine out of 10 (89%) of employees believing risk management is vital to protecting sensitive information, nearly half (46%) still consider it worth taking risks at work – men more so than women (51% versus 42%).

“We all make mistakes, so risk – by definition – is an ever-present factor in business,” says Takalane Khashane, MD of Iron Mountain South Africa. “But today’s increasingly digital age is seeing increasing risks, which means risk management must constantly evolve.

“With new business models, hybrid working and the growing threat of cyberattack, it’s now more important than ever to manage employees and internal risks effectively in order to build resilience by design.”

Four out of 10 (42%) of respondents say they have fallen victim to scams or phishing. Despite this, however, Iron Mountain’s research shows that employees are continuing to take security risks:

* 47% use the same password across multiple platforms;

* 39% forget to lock their laptop when leaving their desk; and

* 23% keep their password on a note on their desk.

Importantly, the risks are magnified by hybrid working, particularly when more than a third (37%) of employees admit to being less security conscious at home than at the office.

At a time when the average cost of a data breach has reached $4,24-million, these trends underline the importance of effective workplace training, so every employee rethinks their role in managing risk.

However, the findings also raise questions about the impact of current awareness efforts. Whilst 66% of data managers surveyed said that risk training sessions are attended by 50-100% of employees, more than a third (36%) of workers said they have never received such training.

“An element of risk-taking can enable a business to innovate, but lack of awareness about potential everyday dangers can hinder long-term resilience,” adds Khashane.

“We advise empowering every employee to become a risk ambassador by embedding risk awareness within your culture.”