Employees remain among the most common causes of cyber-security breaches, business have been warned.

Aon’s latest cyber-security risk report says in the quest for tech-driven efficiency, some companies give staff more robust access privileges than are warranted.

A survey of cyber-security professionals, conducted by Cybersecurity Insiders last year, found 53% have suffered an insider-related attack on their organisation.

Administrators overseeing more systems need more privileges, but that increases the risk of damage, Aon says.

And it warns a growing reliance on third-party or even fourth-party vendors and service providers creates new backdoors to attack supply chains.

In Britain 58% of companies have experienced a data breach via a third party, yet only 35% rate their third-party risk management program as “highly effective”, the report says.

The problem causes regulatory issues for companies, because cyber-security laws increasingly hold breached organisations responsible, even when suppliers are at fault, as in the US.

Privacy regulations are tightening as the digital economy transforms, and it is becoming more important to establish strong data governance and implement effective access and data-protection controls, the report says.

Australia’s notifiable data breach regulation has prompted companies to act on cyber security.

The need for advanced planning on cyber security will grow this year as companies rely more on technology to speed the transfer of information, Aon says.

The report warns increased regulation can actually create more cyber risk, because it encourages a tick-the-box mentality that replaces best practice.