A report by Elevate Security and Cyentia found that a small group of employees are often the biggest threat to a company's digital information. The report also found that this group of employees are usually repeat offenders, putting their companies at risk from the main three categories of malware, phishing, and unsecure internet browing.

The report found that 4% of employees clicked on 80% of phishing links, and 3% were responsible for 92% of malware events.

Similar, 71% of all violations of company browing policies came from approximatley 12% of employees, who visited these types of sites at least 750 times in a year.

Luckily, companies have started to implement controls that block malicious emails and risky web browsing. Although the report also noted that different levels of sucess and controls varied between different departments of an an organization.

Researchers suggest companies should focus cybersecurity awarness and training for all employees, and specifically those that engage in risky  behaviors.

More information and a link to the report can be found here: https://www.itpro.com/security/malware/366011/just-3-of-employees-cause-92-of-malware-events