Men at major companies are three times more likely to engage in risky online behavior compared to women, according to a study by SecurityAdvisor. The research is based on analysis of more than 500,000 malicious emails and 500,000 visits to dangerous websites by enterprise employees in 20 different countries.
The top transgressions include: forgetting passwords and entering failed logins, clicking on phishing emails, using adware, using peer-to-peer software and private VPNs, and streaming pirated content, according to the report.
Threat actors target senior-level executives and members of the C-suite 50 times more often than average employees, SecurityAdvisor found.
The report raises questions about possible gender-based behaviors that open large organizations to compromise. Sophisticated threat actors can use social engineering and other techniques to gain access to sensitive company data and privileged credentials, according to researchers who reviewed the data.
In SecurityAdvisor's research, women made up about 42% of the sample data, however accounted for 48% of the top safe users, but only 26% of risky users.
"It was surprising to see how [women] are a significantly higher proportion of safer users and a significantly lower proportion of risky employees," said Sai Venkataraman, co-founder and CEO at SecurityAdvisor.
Kellie McElhaney, a founding director at the Center for Equity Gender and Leadership at Berkeley University, has not studied prior gender-based data on cybersecurity, but told Cybersecurity Dive that men tend to view negotiations as a game and feel pressure to "win at all costs," and are more likely to resort to unethical behavior and strategies to win.
Issues including unethical behavior and harassment are more likely to occur in organizations with a male-dominated, hierarchical structure and where previous activities have been swept under the rug, McElhaney said.
Prior research regarding online behavior in the enterprise is mixed with regards to gender.
A 2020 survey of 1,100 end users by security firm GreatHorn showed no statistical difference between men and women in terms of who was likely to identify phishing emails, but older workers above age 45 were more skeptical of emails, whether they were legitimate or not.
However, a report last month from insurance provider Chubb on how consumers approached cyber risk showed women were taking more steps to protect their personal information. For example, a higher percentage of women were regularly changing passwords, no longer clicking on links from suspicious senders and no longer using the same password on multiple accounts.
The same data showed men were taking more steps to protect financial information, with a higher percentage monitoring credit reports and checking financial statements.