"When we are tired and stressed, we are less likely to question the legitimacy of messages and miss the cues that signal a threat."
The report concluded that working environments are making it impossible for those working in accountancy, banking and finance to make the right decision 100% of the time when faced with a potential cyber threat on email.
People in financial services were most likely to fall for the scams, with 29% admitting to clicking on a phishing email at work. This is significantly higher than the UK average of 11%.
When surveyed, 70% of those working in financial services said there is an expectation within their organisation to respond to emails quickly. Additionally, nearly half (48%) said they respond to emails much more quickly on their phones.
94% of financial services workers say they feel tired at work and 85% admitted they make more mistakes when tired.
In addition, 89% say they feel stressed at work and 49% described their current workload as either ‘overwhelming’ or ‘heavy’ - 5% more than the UK average.
Other distractions cited by financial services workers included other colleagues (36%), email notifications (32%), office noise (29%), notifications on their personal phones (29%), and meetings (26%).
Tessian research found that when juggling multiple tasks at once, employees will likely rely more on habitual behaviours rather than engaging in analytical thinking, making businesses more vulnerable to threats via email.
Tim Sadler, CEO of Tessian, said: “Every time someone sends or receives an email, they are making a decision. When you consider how much time we spend on email, it’s little wonder that sometimes those decisions result in mistakes. However, it takes just one mistake - one email being sent to the wrong person or falling for one convincing message - to compromise your company’s data and ruin its reputation. Businesses, therefore, need to consider how they can protect their employees on email.
“People in financial services are under huge amounts of stress. Businesses in this sector cannot rely on employees being the first line of defence. Mistakes happen, especially when people are tired, stressed and overworked. Businesses, therefore, need to help people make conscious and safe cybersecurity decisions on email, putting a safety net in place to prevent the inevitable. Only then, can they protect their data and systems from human failure on email.”
Dr Helen Jones, University of Central Lancashire, commented: “Tired and stressed employees pose a real risk to email security. When we are tired and stressed, we are less likely to question the legitimacy of messages and miss the cues that signal a threat. We are also much more impulsive when we are tired, making it harder to resist the urge to respond to a tempting or persuasive request in a phishing email.”