Permacrisis year leaves tech workers distracted and careless

Tech workers are nearly twice as likely as those in other industries to find distractions make it hard to care about their jobs, and are more than three times as likely to do the bare minimum around security, according to new research.

The data emerged in security and privacy company 1Password’s annual State of Access Report, Distraction on overdrive: Security in a time of permacrisis, based on a survey of 2,000 North American workers. The report explores employees' sentiments and behaviours around cybersecurity and other critical aspects of modern work amid persistent global crises this year, coined 'permacrisis.' 

The findings reveal that sustained burnout, now paired with high levels of distraction, has critical implications for workplace security.

"While we hope the worst of the pandemic is behind us, world events continue to unsettle and distract employees. Mishaps are inevitable – it's not a case of if world distractions will make employees more vulnerable to human error, it's a matter of when," says Jeff Shiner, CEO of 1Password. 

"That's why it's vital that businesses take security off people's plates by implementing seamless systems that eliminate the need for human action. The easier we can make security, the less it will become yet another distraction. It's a win-win for employees and companies."

Workers have faced what can feel like an avalanche of crises and concerns over the past year, say 1Password. From the COVID-19 pandemic to the rapid changes in the financial markets and inflation, workers conveyed a vivid picture of their distraction on overdrive, with 53 per cent related to economic or monetary concerns.

• Unprecedented stress: 4 in 5 employees (79 per cent) feel distracted on a typical work day, with 1 in 3 employees (32 per cent) saying they're the most stressed they've ever been in their lives.
• A perfect storm: Top distractions include the Covid-19 pandemic (44 per cent), recession/inflation (42 per cent), economic uncertainty (38 per cent), gas prices (34 per cent), and personal relationships (29 per cent).
• Missing motivation: More than 1 in 4 employees (26 per cent) say that distractions from world events make it hard to care about their job. This has major repercussions for enterprise security, with distracted workers more than twice as likely as others to do only the bare minimum for security at work (24 per cent vs. 10 per cent).

Despite high-profile breaches and ransomware attacks generating splashy media headlines weekly, silver linings are evident amid the chaos. Awareness of cyberthreats is increasing, and security automation and systems are making headway, counterbalancing human shortcomings around security.

• Rising awareness: 3 in 4 employees (76 per cent) are aware their individual actions have an impact on their company's overall security, and 82 per cent would care if they caused a security breach.
• Trusted tools: Nearly 9 in 10 employees (89 per cent) now use authentication products or services such as two-factor (2FA) or multi-factor authentication (MFA), biometrics, password managers and single sign-on.
• Mythbusting: complexity ≠ security: There's a misperception that if security is too easy, it's not safe. Employees are three times as likely to trust two-factor or multi-factor authentication as they are to trust single sign-on (65 per cent vs. 19%).

Notable security improvements have been made recently, but our research shows that bad security hygiene persists in the modern workplace. Poor password habits are still prevalent, and 50 per cent of employees say the biggest threat their company faces is the prospect of employees falling for scams or phishing attempts.

• Senior security snafus: Poor password hygiene is notably worse among employees at the level of director and above, with 49 per cent using personal identifiers in their passwords.
• Password reuse: Despite knowing the risks associated, 1 in 3 employees (34 per cent) reuse passwords.
• Same device, different gig: One in 10 workers (10 per cent) have used their work computers or devices for a side gig or another job – and tech workers are even worse (19 per cent) – making companies increasingly vulnerable to security risks.

Workers in the tech, IT and telecom industries reported being far more distracted than their non-tech counterparts. Tech workers are nearly twice as likely as others to say distractions make it hard to care about their jobs, and are more than three times as likely to do the bare minimum around security.

• Domino effect: Nearly half (46 per cent) of tech industry workers say that distractions from world events make it hard to care about their jobs – compared to 23 per cent of other employees in other industries.
• Distraction dependency: 39 per cent of tech industry workers say their coworkers are less productive at work because they're distracted by world events – nearly twice as much as workers in other industries (20 per cent).
• Phoning it in with workplace security: 36 per cent of tech industry workers say they only do the bare minimum when it comes to security at work – compared to 11 per cent of employees in other industries.

"Every crisis creates an opportunity for criminals to exploit victims via social engineering as they take advantage of psychological weaknesses,” says Troy Hunt, Strategic Advisor at 1Password and founder of Have I Been Pwned. “Many of the traditional human vulnerabilities are at greater risk in a time of permacrisis; curiosity, the power of authority figures, manufactured urgency, greed and other weaknesses will continue to be used to the attackers' advantage. 

“As the level of sophistication increases, even the most tech-savvy of us can fall victim to a well-crafted attack, and it's our job in the industry to build more resilient systems and tools."