‘CyberArk 2024 Employee Risk Survey’: 83% of APAC Employees Access Workplace Applications from Personal Devices with Little Security

CyberArk, the global leader in identity security, has announced the results of a new employee research titled “CyberArk 2024 Employee Risk Survey.” The report highlights the need to shift to a model where workforce access is not just managed but secured.

Driven by hybrid working and flexible access trends, a multi-country CyberArk 2024 Employee Risk Survey reveals how many common employee sensitive and privileged data access behaviours—deliberate and accidental—put organisations at risk. In parallel, new research from CyberArk Labs shows how one’s online history can be a threat to employers as well as to personal lives.

Four Key Findings from the CyberArk 2024 Employee Risk Survey: Harmful Employee Behaviours

Based on a survey of 14,003 employees working in all major types of job roles and vertical industries across the USA, UK, France, Germany, Australia, and Singapore, the CyberArk 2024 Employee Risk Survey reveals insights into prevalent employee behaviours and data access patterns. It shows that security teams must rethink how identity security controls are applied to the modern workforce.

1. Majority have access to sensitive information. 83% of respondents surveyed in Asia Pacific indicated in the CyberArk 2024 Employee Risk Survey that they access workplace applications—which often contain business-critical data—from personal devices that frequently lack adequate security controls. The survey confirms that privileged access is no longer confined to IT admins. 40% of Asia Pacific respondents indicated they habitually download customer data; 40% are able to alter critical or sensitive data; and 25% can approve large financial transactions.
2. Password reuse is common. The CyberArk 2024 Employee Risk Survey highlights several worrisome habits. 49% of Asia Pacific employees surveyed use the same login credentials for multiple work-related applications, while 40% use the same credentials for both personal and work applications. 53% of those surveyed have shared workplace-specific confidential information with outside parties. These practices significantly heighten the risk of security leaks and breaches.
3. Majority bypass cybersecurity policies. 62% of Asia Pacific employees often bypass cybersecurity policies to make their lives easier. Common workarounds include using one password across multiple accounts, using personal devices as WiFi hotspots, and forwarding corporate emails to personal accounts.
4. AI adoption creates more security challenges. The CyberArk 2024 Employee Risk Survey also sheds light on the growing use of AI tools in the workplace. Over 70% of Asia Pacific employees use Artificial Intelligence (AI) tools, which can introduce new vulnerabilities when, for instance, sensitive data is inputted into them. A third (33%) of Asia Pacific employees either ‘only sometimes’ or ‘never’ adhere to guidelines on handling sensitive information in their use of AI tools.

“The CyberArk 2024 Employee Risk Survey indicates that employees play a pivotal role in ensuring an organisation is secure against cyberattacks. Human errors, such as weak passwords, accidental sharing of sensitive data, or bypassing cybersecurity policies, remain a leading cause of security incidents today. Building a culture of security awareness and providing continuous training to educate employees on the consequences of their dangerous behaviour is key. It is also critical for businesses across the region to embed identity security at every layer to protect sensitive data, preserve trust, and ensure resilience against ever-growing cyber threats,” said Lim Teck Wee, Area Vice President, ASEAN, at CyberArk.

New CyberArk Labs Research

“White FAANG: Devouring Your Personal Data” is new research from CyberArk Labs that shows how the individual browsing and internet history of individual employees can present cyber issues for their employers, as well as to personal lives. Detailing how individual browsing history data—downloaded from technology giants like Apple and Meta—is easily stolen, it shows how an attacker might abuse this extensive information trove as, for example, an attack vector into employer organisations.

The combination of worrisome employee actions and attackers’ ability to steal and capitalise on browsing history and internet usage increases risk for organisations. By implementing a robust identity security program with dynamic privilege controls at every user checkpoint, security teams can prevent attackers from gaining access to sensitive and privileged information without adding unwanted friction into workplace processes.

“For far too long, the standard approach to workforce access security has been centred around basic controls like authentication via single sign on. This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account,” said Matt Cohen, CEO at CyberArk. “These findings show that high-risk access is scattered throughout every job role and bad behaviours abound, creating serious security issues for organisations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls.”